-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3391
                   Security updates for the Linux Kernel
                              14 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Increased Privileges     -- Existing Account      
                   Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-40490 CVE-2021-38209 CVE-2021-38207
                   CVE-2021-38206 CVE-2021-38205 CVE-2021-38204
                   CVE-2021-38198 CVE-2021-38166 CVE-2021-38160
                   CVE-2021-35477 CVE-2021-34556 CVE-2021-3764
                   CVE-2021-3759 CVE-2021-3753 CVE-2021-3752
                   CVE-2021-3744 CVE-2021-3743 CVE-2021-3739
                   CVE-2021-3732 CVE-2021-3679 CVE-2021-3669
                   CVE-2021-3656 CVE-2021-3653 CVE-2021-3640
                   CVE-2020-12770 CVE-2020-3702 

Reference:         ESB-2021.3252
                   ESB-2021.3225
                   ESB-2021.3222
                   ESB-2021.3185

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20213338-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20213337-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20213339-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20213415-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20213205-2

Comment: This bulletin contains five (5) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3338-1
Rating:            important
References:        #1065729 #1148868 #1152489 #1154353 #1159886 #1167773
                   #1170774 #1171688 #1173746 #1174003 #1176447 #1176940
                   #1177028 #1178134 #1184439 #1184804 #1185302 #1185550
                   #1185677 #1185726 #1185762 #1187211 #1188067 #1188418
                   #1188651 #1188986 #1189257 #1189297 #1189841 #1189884
                   #1190023 #1190062 #1190115 #1190138 #1190159 #1190358
                   #1190406 #1190432 #1190467 #1190523 #1190534 #1190543
                   #1190544 #1190561 #1190576 #1190595 #1190596 #1190598
                   #1190620 #1190626 #1190679 #1190705 #1190717 #1190746
                   #1190758 #1190784 #1190785 #1191172 #1191193 #1191292
Cross-References:  CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752
                   CVE-2021-3764 CVE-2021-40490
Affected Products:
                   SUSE Linux Enterprise Module for Public Cloud 15-SP3
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 54 fixes is now available.

Description:


The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:

  o CVE-2020-3702: Fixed a bug which could be triggered with specifically timed
    and handcrafted traffic and cause internal errors in a WLAN device that
    lead to improper layer 2 Wi-Fi encryption with a consequent possibility of
    information disclosure. (bnc#1191193)
  o CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's
    bluetooth module. (bsc#1190023)
  o CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem
    that could leat to local priviledge escalation. (bnc#1190159)
  o CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1189884)
  o CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1190534)
  o CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale
    with large shared memory segment counts which could lead to resource
    exhaustion and DoS. (bsc#1188986)


The following non-security bugs were fixed:

  o ALSA: firewire-motu: fix truncated bytes in message tracepoints
    (git-fixes).
  o apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
  o ASoC: fsl_micfil: register platform component before registering cpu dai
    (git-fixes).
  o ASoC: Intel: Fix platform ID matching (git-fixes).
  o ASoC: mediatek: common: handle NULL case in suspend/resume function
    (git-fixes).
  o ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
  o ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
  o ASoC: rt5682: Implement remove callback (git-fixes).
  o ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
  o ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
  o ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
  o ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
  o ath9k: fix sleeping in atomic context (git-fixes).
  o backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
  o bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
  o blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  o blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  o blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
  o blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
  o blk-mq: mark if one queue map uses managed irq (bsc#1185762).
  o blk-mq: mark if one queue map uses managed irq (bsc#1185762).
  o Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
  o bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
  o bnxt_en: Add missing DMA memory barriers (git-fixes).
  o bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
  o bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
  o bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
  o bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
  o bnxt_en: Store the running firmware version code (git-fixes).
  o bnxt: count Tx drops (git-fixes).
  o bnxt: disable napi before canceling DIM (git-fixes).
  o bnxt: do not lock the tx queue from napi poll (git-fixes).
  o bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
  o bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring
    (git-fixes).
  o bpf: Fix ringbuf helper function compatibility (git-fixes).
  o bpftool: Add sock_release help info for cgroup attach/prog load command
    (bsc#1177028).
  o btrfs: prevent rename2 from exchanging a subvol with a directory from
    different parents (bsc#1190626).
  o clk: at91: clk-generated: Limit the requested rate to our range
    (git-fixes).
  o clk: at91: clk-generated: pass the id of changeable parent at registration
    (git-fixes).
  o console: consume APC, DM, DCS (git-fixes).
  o cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency()
    (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
  o cuse: fix broken release (bsc#1190596).
  o cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
  o debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#
    1173746).
  o devlink: Break parameter notification sequence to be before/after unload/
    load driver (bsc#1154353).
  o devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
  o dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
  o dmaengine: ioat: depends on !UML (git-fixes).
  o dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
  o dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
  o docs: Fix infiniband uverbs minor number (git-fixes).
  o drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in
    amdgpu_dm_update_backlight_caps (git-fixes).
  o drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
  o drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
    (git-fixes).
  o drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
  o drm/amdgpu: Fix BUG_ON assert (git-fixes).
  o drm/ast: Fix missing conversions to managed API (git-fixes).
  o drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
  o drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
  o drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
  o drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
  o drm/mgag200: Select clock in PLL update functions (git-fixes).
  o drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
  o drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision
    (git-fixes).
  o drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
  o drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
  o drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
  o drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused
    (git-fixes).
  o e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
  o e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
  o EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
  o EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
  o EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
  o enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
  o erofs: fix up erofs_lookup tracepoint (git-fixes).
  o fbmem: do not allow too huge resolutions (git-fixes).
  o fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
    (git-fixes).
  o fpga: machxo2-spi: Return an error on failure (git-fixes).
  o fuse: flush extending writes (bsc#1190595).
  o fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
  o genirq: add device_has_managed_msi_irq (bsc#1185762).
  o genirq: add device_has_managed_msi_irq (bsc#1185762).
  o gpio: uniphier: Fix void functions to remove return value (git-fixes).
  o gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
    access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
  o gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
  o hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#
    SLE-18779, bsc#1185726).
  o hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#
    1185726).
  o hwmon: (mlxreg-fan) Return non-zero value when fan current state is
    enforced from sysfs (git-fixes).
  o hwmon: (tmp421) fix rounding for negative values (git-fixes).
  o hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
  o i40e: Add additional info to PHY type error (git-fixes).
  o i40e: Fix firmware LLDP agent related warning (git-fixes).
  o i40e: Fix log TC creation failure when max num of queues is exceeded
    (git-fixes).
  o i40e: Fix logic of disabling queues (git-fixes).
  o i40e: Fix queue-to-TC mapping on Tx (git-fixes).
  o i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
  o iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#
    SLE-7940).
  o iavf: Set RSS LUT and key in reset handle path (git-fixes).
  o IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
  o ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
  o ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
  o ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
  o ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
  o ice: do not abort devlink info if board identifier can't be found (jsc#
    SLE-12878).
  o ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
  o ice: Prevent probing virtual functions (git-fixes).
  o igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
  o iio: dac: ad5624r: Fix incorrect handling of an optional regulator
    (git-fixes).
  o include/linux/list.h: add a macro to test if entry is pointing to the head
    (git-fixes).
  o iomap: Fix negative assignment to unsigned sis->pages in
    iomap_swapfile_activate (bsc#1190784).
  o ionic: cleanly release devlink instance (bsc#1167773).
  o ionic: cleanly release devlink instance (bsc#1167773).
  o ionic: count csum_none when offload enabled (bsc#1167773).
  o ionic: drop useless check of PCI driver data validity (bsc#1167773).
  o ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#
    1190115).
  o ipc/util.c: use binary search for max_idx (bsc#1159886).
  o ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
  o ipvs: avoid expiring many connections from timer (bsc#1190467).
  o ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
  o ipvs: queue delayed work to expire no destination connections if
    expire_nodest_conn=1 (bsc#1190467).
  o iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha
    (git-fixes).
  o iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
    (git-fixes).
  o kernel-binary.spec: Check for no kernel signing certificates. Also remove
    unused variable.
  o kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358).
    Copy the code from kernel-module-subpackage that deals with empty KMPs.
  o kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#
    1190358). The script part for base package case is completely separate from
    the part for subpackages. Remove the part for subpackages from the base
    package script and use the KMP scripts for subpackages instead.
  o libata: fix ata_host_start() (git-fixes).
  o libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
  o libbpf: Fix the possible memory leak on error (git-fixes).
  o mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
  o mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
  o mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
  o mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
    (git-fixes).
  o mac80211: mesh: fix potentially unaligned access (git-fixes).
  o media: cedrus: Fix SUNXI tile size calculation (git-fixes).
  o media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
  o media: dib8000: rewrite the init prbs logic (git-fixes).
  o media: imx258: Limit the max analogue gain to 480 (git-fixes).
  o media: imx258: Rectify mismatch of VTS value (git-fixes).
  o media: rc-loopback: return number of emitters rather than error
    (git-fixes).
  o media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
  o media: uvc: do not do DMA on stack (git-fixes).
  o media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
  o mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
  o misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
  o misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
  o mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
  o mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
  o mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
  o mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
  o mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
  o mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
  o mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
  o net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases
    (git-fixes).
  o net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
  o net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
  o net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
  o net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: remove redundant initialization of variable err (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
  o net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
  o net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
  o net/mlx5: E-Switch, handle devcom events only for ports on the same device
    (git-fixes).
  o net/mlx5: Fix flow table chaining (git-fixes).
  o net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set
    () (jsc#SLE-15172).
  o net/mlx5: Fix return value from tracer initialization (git-fixes).
  o net/mlx5: Unload device upon firmware fatal error (git-fixes).
  o net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
  o net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
  o net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
  o netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#
    1190062).
  o nfp: update ethtool reporting of pauseframe control (git-fixes).
  o NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
  o NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
  o NFS: pass cred explicitly for access tests (bsc#1190746).
  o nvme-multipath: revalidate paths during rescan (bsc#1187211).
  o nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
  o nvme: avoid race in shutdown namespace removal (bsc#1188067).
  o nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
  o nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
  o optee: Fix memory leak when failing to register shm pages (git-fixes).
  o parport: remove non-zero check on count (git-fixes).
  o PCI: aardvark: Fix checking for PIO status (git-fixes).
  o PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    (git-fixes).
  o PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO
    response (git-fixes).
  o PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
  o PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
  o PCI: Add AMD GPU multi-function power dependencies (git-fixes).
  o PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
  o PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges'
    (git-fixes).
  o PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
  o PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
  o PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
  o PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
  o PCI: Use pci_update_current_state() in pci_enable_device_flags()
    (git-fixes).
  o phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
  o PM: base: power: do not try to use non-existing RTC for storing data
    (git-fixes).
  o PM: EM: Increase energy calculation precision (git-fixes).
  o power: supply: axp288_fuel_gauge: Report register-address on readb / writeb
    errors (git-fixes).
  o power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
  o powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
  o powerpc: fix function annotations to avoid section mismatch warnings with
    gcc-10 (bsc#1148868).
  o powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
  o powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544
    ltc#194520).
  o powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#
    1065729).
  o powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
    (bsc#1065729).
  o powerpc/perf: Fix the check for SIAR value (bsc#1065729).
  o powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
  o powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
  o powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#
    1065729).
  o powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
  o powerpc/powernv: Fix machine check reporting of async store errors (bsc#
    1065729).
  o powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#
    1190620 ltc#194498).
  o powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
  o pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
  o pwm: img: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
  o qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
  o RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#
    1170774).
  o RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
  o RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it
    recently (jsc#SLE-15175).
  o RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
  o RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
  o Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
  o regmap: fix page selection for noinc reads (git-fixes).
  o regmap: fix page selection for noinc writes (git-fixes).
  o regmap: fix the offset of register error log (git-fixes).
  o Restore kabi after NFS: pass cred explicitly for access tests (bsc#
    1190746).
  o rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary
    and KMP scriptlets to suse-module-tools. This allows fixing bugs in the
    scriptlets as well as defining initrd regeneration policy independent of
    the kernel packages.
  o rpm/kernel-binary.spec: Use only non-empty certificates.
  o rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had
    arbitrary values in staging, we can't use it for dependencies. The
    filesystem one has to be enough (boo#1184804).
  o rtc: rx8010: select REGMAP_I2C (git-fixes).
  o rtc: tps65910: Correct driver module alias (git-fixes).
  o s390/unwind: use current_frame_address() to unwind current task (bsc#
    1185677).
  o sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
  o sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
  o scsi: core: Add helper to return number of logical blocks in a request (bsc
    #1190576).
  o scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
  o scsi: fc: Add EDC ELS definition (bsc#1190576).
  o scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
  o scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
  o scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
  o scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
  o scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
  o scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
  o scsi: lpfc: Add EDC ELS support (bsc#1190576).
  o scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
  o scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
  o scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware
    (bsc#1190576).
  o scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
  o scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#
    1190576).
  o scsi: lpfc: Add support for the CM framework (bsc#1190576).
  o scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#
    1190576).
  o scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
  o scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding
    (bsc#1190576).
  o scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
  o scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
  o scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#
    1190576).
  o scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing
    (bsc#1190576).
  o scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
  o scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
  o scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
  o scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
  o scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#
    1190576).
  o scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
  o scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
  o scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#
    1190576).
  o scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
  o scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#
    1190576).
  o scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
  o scsi: lpfc: Remove unneeded variable (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
  o scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
  o scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#
    1190576).
  o scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
  o scsi: lpfc: Zero CGN stats only during initial driver load and stat reset
    (bsc#1190576).
  o scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
  o scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#
    1174003 bsc#1190576).
  o selftests/bpf: Define string const as global for test_sysctl_prog.c
    (git-fixes).
  o selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP
    (git-fixes).
  o selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change
    (git-fixes).
  o selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
  o serial: 8250_pci: make setup_port() parameters explicitly unsigned
    (git-fixes).
  o serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
  o serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
  o serial: sh-sci: fix break handling for sysrq (git-fixes).
  o spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
  o staging: board: Fix uninitialized spinlock when attaching genpd
    (git-fixes).
  o staging: ks7010: Fix the initialization of the 'sleep_status' structure
    (git-fixes).
  o staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
  o thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
    (git-fixes).
  o time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
  o tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
  o tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
  o tty: serial: jsm: hold port lock when reporting modem line changes
    (git-fixes).
  o tty: synclink_gt, drop unneeded forward declarations (git-fixes).
  o usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
  o usb: core: hcd: Add support for deferring roothub registration (git-fixes).
  o usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails
    (git-fixes).
  o usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
  o usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
  o usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
    (git-fixes).
  o usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
  o usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
  o usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
  o usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
  o usb: host: fotg210: fix the endpoint's transactional opportunities
    calculation (git-fixes).
  o usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
  o usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
    (git-fixes).
  o usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
    (git-fixes).
  o usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
  o usb: serial: option: add Telit LN920 compositions (git-fixes).
  o usb: serial: option: remove duplicate USB device ID (git-fixes).
  o usbip: give back URBs for unsent unlink requests during cleanup
    (git-fixes).
  o usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
  o video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
  o video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
  o vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
  o vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
  o vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
  o vmxnet3: prepare for version 6 changes (bsc#1190406).
  o vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
  o vmxnet3: set correct hash type based on rss information (bsc#1190406).
  o vmxnet3: update to version 6 (bsc#1190406).
  o watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
    (git-fixes).
  o x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#
    1185302).
  o x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#
    1190561).
  o x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
  o x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
  o x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
  o x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
    (bsc#1152489).
  o x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#
    1152489).
  o x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
  o xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
  o xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
  o xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    (git-fixes).
  o xhci: Set HCD flag to defer primary roothub registration (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Public Cloud 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2021-3338=1

Package List:

  o SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
       kernel-devel-azure-5.3.18-38.25.2
       kernel-source-azure-5.3.18-38.25.2
  o SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
       kernel-azure-5.3.18-38.25.2
       kernel-azure-debuginfo-5.3.18-38.25.2
       kernel-azure-debugsource-5.3.18-38.25.2
       kernel-azure-devel-5.3.18-38.25.2
       kernel-azure-devel-debuginfo-5.3.18-38.25.2
       kernel-syms-azure-5.3.18-38.25.1


References:

  o https://www.suse.com/security/cve/CVE-2020-3702.html
  o https://www.suse.com/security/cve/CVE-2021-3669.html
  o https://www.suse.com/security/cve/CVE-2021-3744.html
  o https://www.suse.com/security/cve/CVE-2021-3752.html
  o https://www.suse.com/security/cve/CVE-2021-3764.html
  o https://www.suse.com/security/cve/CVE-2021-40490.html
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1148868
  o https://bugzilla.suse.com/1152489
  o https://bugzilla.suse.com/1154353
  o https://bugzilla.suse.com/1159886
  o https://bugzilla.suse.com/1167773
  o https://bugzilla.suse.com/1170774
  o https://bugzilla.suse.com/1171688
  o https://bugzilla.suse.com/1173746
  o https://bugzilla.suse.com/1174003
  o https://bugzilla.suse.com/1176447
  o https://bugzilla.suse.com/1176940
  o https://bugzilla.suse.com/1177028
  o https://bugzilla.suse.com/1178134
  o https://bugzilla.suse.com/1184439
  o https://bugzilla.suse.com/1184804
  o https://bugzilla.suse.com/1185302
  o https://bugzilla.suse.com/1185550
  o https://bugzilla.suse.com/1185677
  o https://bugzilla.suse.com/1185726
  o https://bugzilla.suse.com/1185762
  o https://bugzilla.suse.com/1187211
  o https://bugzilla.suse.com/1188067
  o https://bugzilla.suse.com/1188418
  o https://bugzilla.suse.com/1188651
  o https://bugzilla.suse.com/1188986
  o https://bugzilla.suse.com/1189257
  o https://bugzilla.suse.com/1189297
  o https://bugzilla.suse.com/1189841
  o https://bugzilla.suse.com/1189884
  o https://bugzilla.suse.com/1190023
  o https://bugzilla.suse.com/1190062
  o https://bugzilla.suse.com/1190115
  o https://bugzilla.suse.com/1190138
  o https://bugzilla.suse.com/1190159
  o https://bugzilla.suse.com/1190358
  o https://bugzilla.suse.com/1190406
  o https://bugzilla.suse.com/1190432
  o https://bugzilla.suse.com/1190467
  o https://bugzilla.suse.com/1190523
  o https://bugzilla.suse.com/1190534
  o https://bugzilla.suse.com/1190543
  o https://bugzilla.suse.com/1190544
  o https://bugzilla.suse.com/1190561
  o https://bugzilla.suse.com/1190576
  o https://bugzilla.suse.com/1190595
  o https://bugzilla.suse.com/1190596
  o https://bugzilla.suse.com/1190598
  o https://bugzilla.suse.com/1190620
  o https://bugzilla.suse.com/1190626
  o https://bugzilla.suse.com/1190679
  o https://bugzilla.suse.com/1190705
  o https://bugzilla.suse.com/1190717
  o https://bugzilla.suse.com/1190746
  o https://bugzilla.suse.com/1190758
  o https://bugzilla.suse.com/1190784
  o https://bugzilla.suse.com/1190785
  o https://bugzilla.suse.com/1191172
  o https://bugzilla.suse.com/1191193
  o https://bugzilla.suse.com/1191292


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3337-1
Rating:            important
References:        #1065729 #1148868 #1152489 #1154353 #1159886 #1167773
                   #1170774 #1173746 #1176940 #1184439 #1184804 #1185302
                   #1185677 #1185726 #1185762 #1187167 #1188067 #1188651
                   #1188986 #1189297 #1189841 #1189884 #1190023 #1190062
                   #1190115 #1190159 #1190358 #1190406 #1190432 #1190467
                   #1190523 #1190534 #1190543 #1190576 #1190595 #1190596
                   #1190598 #1190620 #1190626 #1190679 #1190705 #1190717
                   #1190746 #1190758 #1190784 #1190785 #1191172 #1191193
                   #1191240 #1191292
Cross-References:  CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752
                   CVE-2021-3764 CVE-2021-40490
Affected Products:
                   SUSE Linux Enterprise Module for Public Cloud 15-SP2
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 44 fixes is now available.

Description:


The SUSE Linux Enterprise 15 SP2 kernel was updated.
The following security bugs were fixed:

  o CVE-2020-3702: Fixed a bug which could be triggered with specifically timed
    and handcrafted traffic and cause internal errors in a WLAN device that
    lead to improper layer 2 Wi-Fi encryption with a consequent possibility of
    information disclosure. (bnc#1191193)
  o CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's
    bluetooth module. (bsc#1190023)
  o CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem
    that could leat to local priviledge escalation. (bnc#1190159)
  o CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1189884)
  o CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1190534)
  o CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale
    with large shared memory segment counts which could lead to resource
    exhaustion and DoS. (bsc#1188986)


The following non-security bugs were fixed:

  o ALSA: firewire-motu: fix truncated bytes in message tracepoints
    (git-fixes).
  o apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
  o ASoC: fsl_micfil: register platform component before registering cpu dai
    (git-fixes).
  o ASoC: mediatek: common: handle NULL case in suspend/resume function
    (git-fixes).
  o ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
  o ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
  o ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
  o ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
  o ath9k: fix sleeping in atomic context (git-fixes).
  o backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
  o blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  o blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
  o blk-mq: mark if one queue map uses managed irq (bsc#1185762).
  o Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
  o bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
  o bnxt_en: Add missing DMA memory barriers (git-fixes).
  o bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
  o bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
  o bnxt_en: Store the running firmware version code (git-fixes).
  o bnxt: count Tx drops (git-fixes).
  o bnxt: disable napi before canceling DIM (git-fixes).
  o bnxt: do not lock the tx queue from napi poll (git-fixes).
  o bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
  o btrfs: prevent rename2 from exchanging a subvol with a directory from
    different parents (bsc#1190626).
  o clk: at91: clk-generated: Limit the requested rate to our range
    (git-fixes).
  o clk: at91: clk-generated: pass the id of changeable parent at registration
    (git-fixes).
  o console: consume APC, DM, DCS (git-fixes).
  o cuse: fix broken release (bsc#1190596).
  o cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
  o debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#
    1173746).
  o devlink: Break parameter notification sequence to be before/after unload/
    load driver (bsc#1154353).
  o dmaengine: ioat: depends on !UML (git-fixes).
  o dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
  o dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
  o docs: Fix infiniband uverbs minor number (git-fixes).
  o drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in
    amdgpu_dm_update_backlight_caps (git-fixes).
  o drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
  o drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
    (git-fixes).
  o drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
  o drm/amdgpu: Fix BUG_ON assert (git-fixes).
  o drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
  o drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
  o drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
  o e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
  o e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
  o EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
  o EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
  o erofs: fix up erofs_lookup tracepoint (git-fixes).
  o fbmem: do not allow too huge resolutions (git-fixes).
  o fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
    (git-fixes).
  o fpga: machxo2-spi: Return an error on failure (git-fixes).
  o fuse: flush extending writes (bsc#1190595).
  o fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
  o genirq: add device_has_managed_msi_irq (bsc#1185762).
  o gpio: uniphier: Fix void functions to remove return value (git-fixes).
  o gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
    access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
  o gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
  o hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#
    SLE-18779, bsc#1185726).
  o hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#
    1185726).
  o hwmon: (mlxreg-fan) Return non-zero value when fan current state is
    enforced from sysfs (git-fixes).
  o hwmon: (tmp421) fix rounding for negative values (git-fixes).
  o hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
  o i40e: Add additional info to PHY type error (git-fixes).
  o i40e: Fix firmware LLDP agent related warning (git-fixes).
  o i40e: Fix log TC creation failure when max num of queues is exceeded
    (git-fixes).
  o i40e: Fix logic of disabling queues (git-fixes).
  o i40e: Fix queue-to-TC mapping on Tx (git-fixes).
  o iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#
    SLE-7940).
  o iavf: Set RSS LUT and key in reset handle path (git-fixes).
  o ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
  o ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
  o ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
  o ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
  o ice: Prevent probing virtual functions (git-fixes).
  o iio: dac: ad5624r: Fix incorrect handling of an optional regulator
    (git-fixes).
  o include/linux/list.h: add a macro to test if entry is pointing to the head
    (git-fixes).
  o iomap: Fix negative assignment to unsigned sis->pages in
    iomap_swapfile_activate (bsc#1190784).
  o ionic: cleanly release devlink instance (bsc#1167773).
  o ionic: count csum_none when offload enabled (bsc#1167773).
  o ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#
    1190115).
  o ipc/util.c: use binary search for max_idx (bsc#1159886).
  o ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
  o ipvs: avoid expiring many connections from timer (bsc#1190467).
  o ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
  o ipvs: queue delayed work to expire no destination connections if
    expire_nodest_conn=1 (bsc#1190467).
  o iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
    (git-fixes).
  o kernel-binary.spec: Check for no kernel signing certificates. Also remove
    unused variable.
  o kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358).
    Copy the code from kernel-module-subpackage that deals with empty KMPs.
  o kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
    bsc#1191240 ltc#194716).
  o kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#
    1190358). The script part for base package case is completely separate from
    the part for subpackages. Remove the part for subpackages from the base
    package script and use the KMP scripts for subpackages instead.
  o libata: fix ata_host_start() (git-fixes).
  o mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
  o mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
  o mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
  o mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
    (git-fixes).
  o mac80211: mesh: fix potentially unaligned access (git-fixes).
  o media: cedrus: Fix SUNXI tile size calculation (git-fixes).
  o media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
  o media: dib8000: rewrite the init prbs logic (git-fixes).
  o media: imx258: Limit the max analogue gain to 480 (git-fixes).
  o media: imx258: Rectify mismatch of VTS value (git-fixes).
  o media: rc-loopback: return number of emitters rather than error
    (git-fixes).
  o media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
  o media: uvc: do not do DMA on stack (git-fixes).
  o media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
  o mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
  o mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
  o mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
  o mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
  o mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
  o mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
  o mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
  o net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
  o net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
  o net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
  o net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: remove redundant initialization of variable err (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
  o net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
  o net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
  o net/mlx5: E-Switch, handle devcom events only for ports on the same device
    (git-fixes).
  o net/mlx5: Fix flow table chaining (git-fixes).
  o net/mlx5: Fix return value from tracer initialization (git-fixes).
  o net/mlx5: Unload device upon firmware fatal error (git-fixes).
  o net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
  o net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
  o net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
  o netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#
    1190062).
  o nfp: update ethtool reporting of pauseframe control (git-fixes).
  o NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
  o NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
  o NFS: pass cred explicitly for access tests (bsc#1190746).
  o nvme: avoid race in shutdown namespace removal (bsc#1188067).
  o nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
  o parport: remove non-zero check on count (git-fixes).
  o PCI: aardvark: Fix checking for PIO status (git-fixes).
  o PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    (git-fixes).
  o PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO
    response (git-fixes).
  o PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
  o PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
  o PCI: Add AMD GPU multi-function power dependencies (git-fixes).
  o PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
  o PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
  o PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
  o PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
  o PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
  o PCI: Use pci_update_current_state() in pci_enable_device_flags()
    (git-fixes).
  o PM: base: power: do not try to use non-existing RTC for storing data
    (git-fixes).
  o PM: EM: Increase energy calculation precision (git-fixes).
  o power: supply: axp288_fuel_gauge: Report register-address on readb / writeb
    errors (git-fixes).
  o power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
  o powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
  o powerpc: fix function annotations to avoid section mismatch warnings with
    gcc-10 (bsc#1148868).
  o powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
  o powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#
    1065729).
  o powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
    (bsc#1065729).
  o powerpc/perf: Fix the check for SIAR value (bsc#1065729).
  o powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
  o powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
  o powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#
    1065729).
  o powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
  o powerpc/powernv: Fix machine check reporting of async store errors (bsc#
    1065729).
  o powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#
    1190620 ltc#194498).
  o powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
  o pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
  o pwm: img: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
  o qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
  o RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#
    1170774).
  o Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
  o regmap: fix page selection for noinc reads (git-fixes).
  o regmap: fix page selection for noinc writes (git-fixes).
  o regmap: fix the offset of register error log (git-fixes).
  o Restore kabi after NFS: pass cred explicitly for access tests (bsc#
    1190746).
  o rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary
    and KMP scriptlets to suse-module-tools. This allows fixing bugs in the
    scriptlets as well as defining initrd regeneration policy independent of
    the kernel packages.
  o rpm/kernel-binary.spec: Use only non-empty certificates.
  o rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had
    arbitrary values in staging, we can't use it for dependencies. The
    filesystem one has to be enough (boo#1184804).
  o rtc: rx8010: select REGMAP_I2C (git-fixes).
  o rtc: tps65910: Correct driver module alias (git-fixes).
  o s390/unwind: use current_frame_address() to unwind current task (bsc#
    1185677).
  o sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
  o scsi: core: Add helper to return number of logical blocks in a request (bsc
    #1190576).
  o scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
  o scsi: fc: Add EDC ELS definition (bsc#1190576).
  o scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
  o scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
  o scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
  o scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
  o scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
  o scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
  o scsi: lpfc: Add EDC ELS support (bsc#1190576).
  o scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
  o scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
  o scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware
    (bsc#1190576).
  o scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
  o scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#
    1190576).
  o scsi: lpfc: Add support for the CM framework (bsc#1190576).
  o scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#
    1190576).
  o scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
  o scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding
    (bsc#1190576).
  o scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
  o scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
  o scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#
    1190576).
  o scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing
    (bsc#1190576).
  o scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
  o scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
  o scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
  o scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
  o scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#
    1190576).
  o scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
  o scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
  o scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#
    1190576).
  o scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
  o scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#
    1190576).
  o scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
  o scsi: lpfc: Remove unneeded variable (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
  o scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
  o scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#
    1190576).
  o scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
  o scsi: lpfc: Zero CGN stats only during initial driver load and stat reset
    (bsc#1190576).
  o scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
  o serial: 8250_pci: make setup_port() parameters explicitly unsigned
    (git-fixes).
  o serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
  o serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
  o serial: sh-sci: fix break handling for sysrq (git-fixes).
  o spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
  o staging: board: Fix uninitialized spinlock when attaching genpd
    (git-fixes).
  o staging: ks7010: Fix the initialization of the 'sleep_status' structure
    (git-fixes).
  o staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
  o thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
    (git-fixes).
  o time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
  o tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
  o tty: serial: jsm: hold port lock when reporting modem line changes
    (git-fixes).
  o tty: synclink_gt, drop unneeded forward declarations (git-fixes).
  o Update kabi files.
  o usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
  o usb: core: hcd: Add support for deferring roothub registration (git-fixes).
  o usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails
    (git-fixes).
  o usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
  o usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
  o usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
    (git-fixes).
  o usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
  o usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
  o usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
  o usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
  o usb: host: fotg210: fix the endpoint's transactional opportunities
    calculation (git-fixes).
  o usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
  o usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
    (git-fixes).
  o usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
    (git-fixes).
  o usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
  o usb: serial: option: add Telit LN920 compositions (git-fixes).
  o usb: serial: option: remove duplicate USB device ID (git-fixes).
  o usbip: give back URBs for unsent unlink requests during cleanup
    (git-fixes).
  o usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
  o video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
  o video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
  o vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
  o vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
  o vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
  o vmxnet3: prepare for version 6 changes (bsc#1190406).
  o vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
  o vmxnet3: set correct hash type based on rss information (bsc#1190406).
  o vmxnet3: update to version 6 (bsc#1190406).
  o watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
    (git-fixes).
  o x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#
    1185302).
  o x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
  o x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
  o x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
    (bsc#1152489).
  o x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#
    1152489).
  o x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
  o xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
  o xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
  o xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    (git-fixes).
  o xhci: Set HCD flag to defer primary roothub registration (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Public Cloud 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2021-3337=1

Package List:

  o SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
       kernel-azure-5.3.18-18.69.1
       kernel-azure-debuginfo-5.3.18-18.69.1
       kernel-azure-debugsource-5.3.18-18.69.1
       kernel-azure-devel-5.3.18-18.69.1
       kernel-azure-devel-debuginfo-5.3.18-18.69.1
       kernel-syms-azure-5.3.18-18.69.1
  o SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
       kernel-devel-azure-5.3.18-18.69.1
       kernel-source-azure-5.3.18-18.69.1


References:

  o https://www.suse.com/security/cve/CVE-2020-3702.html
  o https://www.suse.com/security/cve/CVE-2021-3669.html
  o https://www.suse.com/security/cve/CVE-2021-3744.html
  o https://www.suse.com/security/cve/CVE-2021-3752.html
  o https://www.suse.com/security/cve/CVE-2021-3764.html
  o https://www.suse.com/security/cve/CVE-2021-40490.html
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1148868
  o https://bugzilla.suse.com/1152489
  o https://bugzilla.suse.com/1154353
  o https://bugzilla.suse.com/1159886
  o https://bugzilla.suse.com/1167773
  o https://bugzilla.suse.com/1170774
  o https://bugzilla.suse.com/1173746
  o https://bugzilla.suse.com/1176940
  o https://bugzilla.suse.com/1184439
  o https://bugzilla.suse.com/1184804
  o https://bugzilla.suse.com/1185302
  o https://bugzilla.suse.com/1185677
  o https://bugzilla.suse.com/1185726
  o https://bugzilla.suse.com/1185762
  o https://bugzilla.suse.com/1187167
  o https://bugzilla.suse.com/1188067
  o https://bugzilla.suse.com/1188651
  o https://bugzilla.suse.com/1188986
  o https://bugzilla.suse.com/1189297
  o https://bugzilla.suse.com/1189841
  o https://bugzilla.suse.com/1189884
  o https://bugzilla.suse.com/1190023
  o https://bugzilla.suse.com/1190062
  o https://bugzilla.suse.com/1190115
  o https://bugzilla.suse.com/1190159
  o https://bugzilla.suse.com/1190358
  o https://bugzilla.suse.com/1190406
  o https://bugzilla.suse.com/1190432
  o https://bugzilla.suse.com/1190467
  o https://bugzilla.suse.com/1190523
  o https://bugzilla.suse.com/1190534
  o https://bugzilla.suse.com/1190543
  o https://bugzilla.suse.com/1190576
  o https://bugzilla.suse.com/1190595
  o https://bugzilla.suse.com/1190596
  o https://bugzilla.suse.com/1190598
  o https://bugzilla.suse.com/1190620
  o https://bugzilla.suse.com/1190626
  o https://bugzilla.suse.com/1190679
  o https://bugzilla.suse.com/1190705
  o https://bugzilla.suse.com/1190717
  o https://bugzilla.suse.com/1190746
  o https://bugzilla.suse.com/1190758
  o https://bugzilla.suse.com/1190784
  o https://bugzilla.suse.com/1190785
  o https://bugzilla.suse.com/1191172
  o https://bugzilla.suse.com/1191193
  o https://bugzilla.suse.com/1191240
  o https://bugzilla.suse.com/1191292


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3339-1
Rating:            important
References:        #1065729 #1148868 #1152489 #1154353 #1159886 #1167773
                   #1170774 #1173746 #1176940 #1184439 #1184804 #1185302
                   #1185677 #1185726 #1185762 #1187167 #1188067 #1188651
                   #1188986 #1189297 #1189841 #1189884 #1190023 #1190062
                   #1190115 #1190159 #1190358 #1190406 #1190432 #1190467
                   #1190523 #1190534 #1190543 #1190576 #1190595 #1190596
                   #1190598 #1190620 #1190626 #1190679 #1190705 #1190717
                   #1190746 #1190758 #1190784 #1190785 #1191172 #1191193
                   #1191240 #1191292
Cross-References:  CVE-2020-3702 CVE-2021-3669 CVE-2021-3744 CVE-2021-3752
                   CVE-2021-3764 CVE-2021-40490
Affected Products:
                   SUSE MicroOS 5.0
                   SUSE Linux Enterprise Module for Realtime 15-SP2
______________________________________________________________________________

An update that solves 6 vulnerabilities and has 44 fixes is now available.

Description:


The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive
various security and bugfixes.
The following security bugs were fixed:

  o CVE-2020-3702: Fixed a bug which could be triggered with specifically timed
    and handcrafted traffic and cause internal errors in a WLAN device that
    lead to improper layer 2 Wi-Fi encryption with a consequent possibility of
    information disclosure. (bnc#1191193)
  o CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's
    bluetooth module. (bsc#1190023)
  o CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem
    that could leat to local priviledge escalation. (bnc#1190159)
  o CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1189884)
  o CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1190534)
  o CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale
    with large shared memory segment counts which could lead to resource
    exhaustion and DoS. (bsc#1188986)


The following non-security bugs were fixed:

  o ALSA: firewire-motu: fix truncated bytes in message tracepoints
    (git-fixes).
  o apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
  o ASoC: fsl_micfil: register platform component before registering cpu dai
    (git-fixes).
  o ASoC: mediatek: common: handle NULL case in suspend/resume function
    (git-fixes).
  o ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
  o ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
  o ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
  o ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
  o ath9k: fix sleeping in atomic context (git-fixes).
  o backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
  o blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  o blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
  o blk-mq: mark if one queue map uses managed irq (bsc#1185762).
  o Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
  o bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
  o bnxt_en: Add missing DMA memory barriers (git-fixes).
  o bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
  o bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
  o bnxt_en: Store the running firmware version code (git-fixes).
  o bnxt: count Tx drops (git-fixes).
  o bnxt: disable napi before canceling DIM (git-fixes).
  o bnxt: do not lock the tx queue from napi poll (git-fixes).
  o bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
  o btrfs: prevent rename2 from exchanging a subvol with a directory from
    different parents (bsc#1190626).
  o clk: at91: clk-generated: Limit the requested rate to our range
    (git-fixes).
  o clk: at91: clk-generated: pass the id of changeable parent at registration
    (git-fixes).
  o console: consume APC, DM, DCS (git-fixes).
  o cuse: fix broken release (bsc#1190596).
  o cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
  o debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#
    1173746).
  o devlink: Break parameter notification sequence to be before/after unload/
    load driver (bsc#1154353).
  o dmaengine: ioat: depends on !UML (git-fixes).
  o dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
  o dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
  o docs: Fix infiniband uverbs minor number (git-fixes).
  o drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in
    amdgpu_dm_update_backlight_caps (git-fixes).
  o drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
  o drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
    (git-fixes).
  o drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
  o drm/amdgpu: Fix BUG_ON assert (git-fixes).
  o drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
  o drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
  o drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
  o e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
  o e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
  o EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
  o EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
  o erofs: fix up erofs_lookup tracepoint (git-fixes).
  o fbmem: do not allow too huge resolutions (git-fixes).
  o fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
    (git-fixes).
  o fpga: machxo2-spi: Return an error on failure (git-fixes).
  o fuse: flush extending writes (bsc#1190595).
  o fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
  o genirq: add device_has_managed_msi_irq (bsc#1185762).
  o gpio: uniphier: Fix void functions to remove return value (git-fixes).
  o gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
    access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
  o gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
  o hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#
    SLE-18779, bsc#1185726).
  o hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#
    1185726).
  o hwmon: (mlxreg-fan) Return non-zero value when fan current state is
    enforced from sysfs (git-fixes).
  o hwmon: (tmp421) fix rounding for negative values (git-fixes).
  o hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
  o i40e: Add additional info to PHY type error (git-fixes).
  o i40e: Fix firmware LLDP agent related warning (git-fixes).
  o i40e: Fix log TC creation failure when max num of queues is exceeded
    (git-fixes).
  o i40e: Fix logic of disabling queues (git-fixes).
  o i40e: Fix queue-to-TC mapping on Tx (git-fixes).
  o iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#
    SLE-7940).
  o iavf: Set RSS LUT and key in reset handle path (git-fixes).
  o ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
  o ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
  o ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
  o ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
  o ice: Prevent probing virtual functions (git-fixes).
  o iio: dac: ad5624r: Fix incorrect handling of an optional regulator
    (git-fixes).
  o include/linux/list.h: add a macro to test if entry is pointing to the head
    (git-fixes).
  o iomap: Fix negative assignment to unsigned sis->pages in
    iomap_swapfile_activate (bsc#1190784).
  o ionic: cleanly release devlink instance (bsc#1167773).
  o ionic: count csum_none when offload enabled (bsc#1167773).
  o ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#
    1190115).
  o ipc/util.c: use binary search for max_idx (bsc#1159886).
  o ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
  o ipvs: avoid expiring many connections from timer (bsc#1190467).
  o ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
  o ipvs: queue delayed work to expire no destination connections if
    expire_nodest_conn=1 (bsc#1190467).
  o iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
    (git-fixes).
  o kernel-binary.spec: Check for no kernel signing certificates. Also remove
    unused variable.
  o kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358).
    Copy the code from kernel-module-subpackage that deals with empty KMPs.
  o kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
    bsc#1191240 ltc#194716).
  o kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#
    1190358). The script part for base package case is completely separate from
    the part for subpackages. Remove the part for subpackages from the base
    package script and use the KMP scripts for subpackages instead.
  o libata: fix ata_host_start() (git-fixes).
  o mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
  o mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
  o mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
  o mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
    (git-fixes).
  o mac80211: mesh: fix potentially unaligned access (git-fixes).
  o media: cedrus: Fix SUNXI tile size calculation (git-fixes).
  o media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
  o media: dib8000: rewrite the init prbs logic (git-fixes).
  o media: imx258: Limit the max analogue gain to 480 (git-fixes).
  o media: imx258: Rectify mismatch of VTS value (git-fixes).
  o media: rc-loopback: return number of emitters rather than error
    (git-fixes).
  o media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
  o media: uvc: do not do DMA on stack (git-fixes).
  o media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
  o mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
  o mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
  o mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
  o mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
  o mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
  o mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
  o mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
  o net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
  o net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
  o net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
  o net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: remove redundant initialization of variable err (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
  o net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
  o net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
  o net/mlx5: E-Switch, handle devcom events only for ports on the same device
    (git-fixes).
  o net/mlx5: Fix flow table chaining (git-fixes).
  o net/mlx5: Fix return value from tracer initialization (git-fixes).
  o net/mlx5: Unload device upon firmware fatal error (git-fixes).
  o net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
  o net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
  o net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
  o netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#
    1190062).
  o nfp: update ethtool reporting of pauseframe control (git-fixes).
  o NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
  o NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
  o NFS: pass cred explicitly for access tests (bsc#1190746).
  o nvme: avoid race in shutdown namespace removal (bsc#1188067).
  o nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
  o parport: remove non-zero check on count (git-fixes).
  o PCI: aardvark: Fix checking for PIO status (git-fixes).
  o PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    (git-fixes).
  o PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO
    response (git-fixes).
  o PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
  o PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
  o PCI: Add AMD GPU multi-function power dependencies (git-fixes).
  o PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
  o PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
  o PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
  o PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
  o PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
  o PCI: Use pci_update_current_state() in pci_enable_device_flags()
    (git-fixes).
  o PM: base: power: do not try to use non-existing RTC for storing data
    (git-fixes).
  o PM: EM: Increase energy calculation precision (git-fixes).
  o power: supply: axp288_fuel_gauge: Report register-address on readb / writeb
    errors (git-fixes).
  o power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
  o powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
  o powerpc: fix function annotations to avoid section mismatch warnings with
    gcc-10 (bsc#1148868).
  o powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
  o powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#
    1065729).
  o powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
    (bsc#1065729).
  o powerpc/perf: Fix the check for SIAR value (bsc#1065729).
  o powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
  o powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
  o powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#
    1065729).
  o powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
  o powerpc/powernv: Fix machine check reporting of async store errors (bsc#
    1065729).
  o powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#
    1190620 ltc#194498).
  o powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
  o pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
  o pwm: img: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
  o qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
  o RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#
    1170774).
  o Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
  o regmap: fix page selection for noinc reads (git-fixes).
  o regmap: fix page selection for noinc writes (git-fixes).
  o regmap: fix the offset of register error log (git-fixes).
  o Restore kabi after NFS: pass cred explicitly for access tests (bsc#
    1190746).
  o rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary
    and KMP scriptlets to suse-module-tools. This allows fixing bugs in the
    scriptlets as well as defining initrd regeneration policy independent of
    the kernel packages.
  o rpm/kernel-binary.spec: Use only non-empty certificates.
  o rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had
    arbitrary values in staging, we can't use it for dependencies. The
    filesystem one has to be enough (boo#1184804).
  o rtc: rx8010: select REGMAP_I2C (git-fixes).
  o rtc: tps65910: Correct driver module alias (git-fixes).
  o s390/unwind: use current_frame_address() to unwind current task (bsc#
    1185677).
  o sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
  o scsi: core: Add helper to return number of logical blocks in a request (bsc
    #1190576).
  o scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
  o scsi: fc: Add EDC ELS definition (bsc#1190576).
  o scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
  o scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
  o scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
  o scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
  o scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
  o scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
  o scsi: lpfc: Add EDC ELS support (bsc#1190576).
  o scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
  o scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
  o scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware
    (bsc#1190576).
  o scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
  o scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#
    1190576).
  o scsi: lpfc: Add support for the CM framework (bsc#1190576).
  o scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#
    1190576).
  o scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
  o scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding
    (bsc#1190576).
  o scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
  o scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
  o scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#
    1190576).
  o scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing
    (bsc#1190576).
  o scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
  o scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
  o scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
  o scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
  o scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#
    1190576).
  o scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
  o scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
  o scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#
    1190576).
  o scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
  o scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#
    1190576).
  o scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
  o scsi: lpfc: Remove unneeded variable (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
  o scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
  o scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#
    1190576).
  o scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
  o scsi: lpfc: Zero CGN stats only during initial driver load and stat reset
    (bsc#1190576).
  o scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
  o serial: 8250_pci: make setup_port() parameters explicitly unsigned
    (git-fixes).
  o serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
  o serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
  o serial: sh-sci: fix break handling for sysrq (git-fixes).
  o spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
  o staging: board: Fix uninitialized spinlock when attaching genpd
    (git-fixes).
  o staging: ks7010: Fix the initialization of the 'sleep_status' structure
    (git-fixes).
  o staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
  o thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
    (git-fixes).
  o time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
  o tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
  o tty: serial: jsm: hold port lock when reporting modem line changes
    (git-fixes).
  o tty: synclink_gt, drop unneeded forward declarations (git-fixes).
  o usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
  o usb: core: hcd: Add support for deferring roothub registration (git-fixes).
  o usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails
    (git-fixes).
  o usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
  o usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
  o usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
    (git-fixes).
  o usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
  o usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
  o usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
  o usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
  o usb: host: fotg210: fix the endpoint's transactional opportunities
    calculation (git-fixes).
  o usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
  o usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
    (git-fixes).
  o usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
    (git-fixes).
  o usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
  o usb: serial: option: add Telit LN920 compositions (git-fixes).
  o usb: serial: option: remove duplicate USB device ID (git-fixes).
  o usbip: give back URBs for unsent unlink requests during cleanup
    (git-fixes).
  o usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
  o video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
  o video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
  o vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
  o vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
  o vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
  o vmxnet3: prepare for version 6 changes (bsc#1190406).
  o vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
  o vmxnet3: set correct hash type based on rss information (bsc#1190406).
  o vmxnet3: update to version 6 (bsc#1190406).
  o watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
    (git-fixes).
  o x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#
    1185302).
  o x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
  o x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
  o x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
    (bsc#1152489).
  o x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#
    1152489).
  o x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
  o xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
  o xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
  o xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    (git-fixes).
  o xhci: Set HCD flag to defer primary roothub registration (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE MicroOS 5.0:
    zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-3339=1
  o SUSE Linux Enterprise Module for Realtime 15-SP2:
    zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-3339=1

Package List:

  o SUSE MicroOS 5.0 (x86_64):
       kernel-rt-5.3.18-54.1
       kernel-rt-debuginfo-5.3.18-54.1
       kernel-rt-debugsource-5.3.18-54.1
  o SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64):
       cluster-md-kmp-rt-5.3.18-54.1
       cluster-md-kmp-rt-debuginfo-5.3.18-54.1
       dlm-kmp-rt-5.3.18-54.1
       dlm-kmp-rt-debuginfo-5.3.18-54.1
       gfs2-kmp-rt-5.3.18-54.1
       gfs2-kmp-rt-debuginfo-5.3.18-54.1
       kernel-rt-5.3.18-54.1
       kernel-rt-debuginfo-5.3.18-54.1
       kernel-rt-debugsource-5.3.18-54.1
       kernel-rt-devel-5.3.18-54.1
       kernel-rt-devel-debuginfo-5.3.18-54.1
       kernel-rt_debug-5.3.18-54.1
       kernel-rt_debug-debuginfo-5.3.18-54.1
       kernel-rt_debug-debugsource-5.3.18-54.1
       kernel-rt_debug-devel-5.3.18-54.1
       kernel-rt_debug-devel-debuginfo-5.3.18-54.1
       kernel-syms-rt-5.3.18-54.1
       ocfs2-kmp-rt-5.3.18-54.1
       ocfs2-kmp-rt-debuginfo-5.3.18-54.1
  o SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch):
       kernel-devel-rt-5.3.18-54.1
       kernel-source-rt-5.3.18-54.1


References:

  o https://www.suse.com/security/cve/CVE-2020-3702.html
  o https://www.suse.com/security/cve/CVE-2021-3669.html
  o https://www.suse.com/security/cve/CVE-2021-3744.html
  o https://www.suse.com/security/cve/CVE-2021-3752.html
  o https://www.suse.com/security/cve/CVE-2021-3764.html
  o https://www.suse.com/security/cve/CVE-2021-40490.html
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1148868
  o https://bugzilla.suse.com/1152489
  o https://bugzilla.suse.com/1154353
  o https://bugzilla.suse.com/1159886
  o https://bugzilla.suse.com/1167773
  o https://bugzilla.suse.com/1170774
  o https://bugzilla.suse.com/1173746
  o https://bugzilla.suse.com/1176940
  o https://bugzilla.suse.com/1184439
  o https://bugzilla.suse.com/1184804
  o https://bugzilla.suse.com/1185302
  o https://bugzilla.suse.com/1185677
  o https://bugzilla.suse.com/1185726
  o https://bugzilla.suse.com/1185762
  o https://bugzilla.suse.com/1187167
  o https://bugzilla.suse.com/1188067
  o https://bugzilla.suse.com/1188651
  o https://bugzilla.suse.com/1188986
  o https://bugzilla.suse.com/1189297
  o https://bugzilla.suse.com/1189841
  o https://bugzilla.suse.com/1189884
  o https://bugzilla.suse.com/1190023
  o https://bugzilla.suse.com/1190062
  o https://bugzilla.suse.com/1190115
  o https://bugzilla.suse.com/1190159
  o https://bugzilla.suse.com/1190358
  o https://bugzilla.suse.com/1190406
  o https://bugzilla.suse.com/1190432
  o https://bugzilla.suse.com/1190467
  o https://bugzilla.suse.com/1190523
  o https://bugzilla.suse.com/1190534
  o https://bugzilla.suse.com/1190543
  o https://bugzilla.suse.com/1190576
  o https://bugzilla.suse.com/1190595
  o https://bugzilla.suse.com/1190596
  o https://bugzilla.suse.com/1190598
  o https://bugzilla.suse.com/1190620
  o https://bugzilla.suse.com/1190626
  o https://bugzilla.suse.com/1190679
  o https://bugzilla.suse.com/1190705
  o https://bugzilla.suse.com/1190717
  o https://bugzilla.suse.com/1190746
  o https://bugzilla.suse.com/1190758
  o https://bugzilla.suse.com/1190784
  o https://bugzilla.suse.com/1190785
  o https://bugzilla.suse.com/1191172
  o https://bugzilla.suse.com/1191193
  o https://bugzilla.suse.com/1191240
  o https://bugzilla.suse.com/1191292


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3415-1
Rating:            important
References:        #1065729 #1124431 #1127650 #1135481 #1148868 #1152489
                   #1154353 #1159886 #1167032 #1167773 #1168202 #1170774
                   #1171420 #1171688 #1173746 #1174003 #1175543 #1176447
                   #1176940 #1177028 #1177399 #1178134 #1180141 #1180347
                   #1181006 #1181972 #1184114 #1184439 #1184611 #1184804
                   #1185302 #1185550 #1185675 #1185677 #1185726 #1185762
                   #1185898 #1187211 #1187455 #1187591 #1187619 #1188067
                   #1188172 #1188270 #1188412 #1188418 #1188439 #1188616
                   #1188651 #1188694 #1188700 #1188878 #1188924 #1188983
                   #1188985 #1188986 #1189153 #1189225 #1189257 #1189262
                   #1189297 #1189301 #1189399 #1189400 #1189503 #1189504
                   #1189505 #1189506 #1189507 #1189562 #1189563 #1189564
                   #1189565 #1189566 #1189567 #1189568 #1189569 #1189573
                   #1189574 #1189575 #1189576 #1189577 #1189579 #1189581
                   #1189582 #1189583 #1189585 #1189586 #1189587 #1189696
                   #1189706 #1189760 #1189762 #1189832 #1189841 #1189870
                   #1189872 #1189883 #1189884 #1190022 #1190023 #1190025
                   #1190062 #1190115 #1190117 #1190131 #1190138 #1190159
                   #1190181 #1190358 #1190406 #1190412 #1190413 #1190428
                   #1190467 #1190523 #1190534 #1190543 #1190544 #1190561
                   #1190576 #1190595 #1190596 #1190598 #1190620 #1190626
                   #1190679 #1190705 #1190717 #1190746 #1190758 #1190784
                   #1190785 #1191172 #1191193 #1191292 #859220
Cross-References:  CVE-2020-12770 CVE-2020-3702 CVE-2021-34556 CVE-2021-35477
                   CVE-2021-3653 CVE-2021-3656 CVE-2021-3669 CVE-2021-3732
                   CVE-2021-3739 CVE-2021-3743 CVE-2021-3744 CVE-2021-3752
                   CVE-2021-3753 CVE-2021-3759 CVE-2021-3764 CVE-2021-38160
                   CVE-2021-38198 CVE-2021-40490
Affected Products:
                   SUSE MicroOS 5.1
                   SUSE Linux Enterprise Module for Realtime 15-SP3
______________________________________________________________________________

An update that solves 18 vulnerabilities and has 119 fixes is now available.

Description:


The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:

  o CVE-2020-3702: Fixed a bug which could be triggered with specifically timed
    and handcrafted traffic and cause internal errors in a WLAN device that
    lead to improper layer 2 Wi-Fi encryption with a consequent possibility of
    information disclosure. (bnc#1191193)
  o CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's
    bluetooth module. (bsc#1190023)
  o CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem
    that could leat to local priviledge escalation. (bnc#1190159)
  o CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1189884)
  o CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial
    of service. (bsc#1190534)
  o CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale
    with large shared memory segment counts which could lead to resource
    exhaustion and DoS. (bsc#1188986)
  o CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to
    breaking memcg limits and DoS attacks (bsc#1190115).
  o CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
    via unprivileged BPF program that could have obtain sensitive information
    from kernel memory (bsc#1188983).
  o CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused
    to disclose content of arbitrary kernel memory (bsc#1188985).
  o CVE-2021-38160: Data corruption or loss could be triggered by an untrusted
    device that supplies a buf->len value exceeding the buffer size in drivers/
    char/virtio_console.c (bsc#1190117)
  o CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#
    1190025).
  o CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
  o CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by
    invalid id (bsc#1189832 ).
  o CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can
    reveal files (bsc#1189706).
  o CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a
    malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
  o CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and
    allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
    VLS for the L2 guest (bsc#1189400).
  o CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
    access permissions of a shadow page, leading to a missing guest protection
    page fault (bnc#1189262).
  o CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases
    (bsc#1171420).


The following non-security bugs were fixed:

  o ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
  o ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
  o ACPI: processor: Export function to claim _CST control (bsc#1175543)
  o ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
  o ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#
    1175543)
  o ALSA: firewire-motu: fix truncated bytes in message tracepoints
    (git-fixes).
  o ALSA: hda - fix the 'Capture Switch' value change notifications
    (git-fixes).
  o ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop
    (git-fixes).
  o ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
  o ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (git-fixes).
  o ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
    (git-fixes).
  o ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17
    (git-fixes).
  o ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
  o ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
  o ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (git-fixes).
  o ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
  o apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
  o ASoC: component: Remove misplaced prefix handling in pin control functions
    (git-fixes).
  o ASoC: fsl_micfil: register platform component before registering cpu dai
    (git-fixes).
  o ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
  o ASoC: Intel: Fix platform ID matching (git-fixes).
  o ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373
    (git-fixes).
  o ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
  o ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
  o ASoC: mediatek: common: handle NULL case in suspend/resume function
    (git-fixes).
  o ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in
    mt8183_afe_pcm_dev_probe (git-fixes).
  o ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
  o ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
  o ASoC: rt5682: Adjust headset volume button threshold (git-fixes).
  o ASoC: rt5682: Adjust headset volume button threshold again (git-fixes).
  o ASoC: rt5682: Implement remove callback (git-fixes).
  o ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
  o ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
  o ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
  o ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
  o ASoC: wcd9335: Disable irq on slave ports in the remove function
    (git-fixes).
  o ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
  o ASoC: wcd9335: Fix a memory leak in the error handling path of the probe
    function (git-fixes).
  o ath: Use safer key clearing with key cache entries (git-fixes).
  o ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
  o ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
  o ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
  o ath9k: fix sleeping in atomic context (git-fixes).
  o Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
  o backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
  o bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
  o bcma: Fix memory leak for internally-handled cores (git-fixes).
  o bdi: Do not use freezable workqueue (bsc#1189573).
  o blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
    (bsc#1189507).
  o blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
  o blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  o blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
  o blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
  o blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
  o blk-mq: mark if one queue map uses managed irq (bsc#1185762).
  o blk-mq: mark if one queue map uses managed irq (bsc#1185762).
  o blk-wbt: introduce a new disable state to prevent false positive by
    rwb_enabled() (bsc#1189503).
  o blk-wbt: make sure throttle is enabled properly (bsc#1189504).
  o block: fix trace completion for chained bio (bsc#1189505).
  o Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
  o Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS
    (git-fixes).
  o Bluetooth: btusb: Fix a unspported condition to set available debug
    features (git-fixes).
  o Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
  o Bluetooth: hidp: use correct wait queue when removing ctrl_wait
    (git-fixes).
  o Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    (git-fixes).
  o Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd
    (git-fixes).
  o Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
    (git-fixes).
  o Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
  o bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
  o bnxt_en: Add missing DMA memory barriers (git-fixes).
  o bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
  o bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
  o bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
  o bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
  o bnxt_en: Store the running firmware version code (git-fixes).
  o bnxt: count Tx drops (git-fixes).
  o bnxt: disable napi before canceling DIM (git-fixes).
  o bnxt: do not lock the tx queue from napi poll (git-fixes).
  o bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
  o bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring
    (git-fixes).
  o bpf: Fix ringbuf helper function compatibility (git-fixes).
  o bpftool: Add sock_release help info for cgroup attach/prog load command
    (bsc#1177028).
  o brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
  o btrfs: account for new extents being deleted in total_bytes_pinned (bsc#
    1135481).
  o btrfs: add a comment explaining the data flush steps (bsc#1135481).
  o btrfs: add a trace class for dumping the current ENOSPC state (bsc#
    1135481).
  o btrfs: add a trace point for reserve tickets (bsc#1135481).
  o btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
  o btrfs: add flushing states for handling data reservations (bsc#1135481).
  o btrfs: add the data transaction commit logic into may_commit_transaction
    (bsc#1135481).
  o btrfs: adjust the flush trace point to include the source (bsc#1135481).
  o btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#
    1135481).
  o btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
  o btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#
    1135481).
  o btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
  o btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
  o btrfs: check tickets after waiting on ordered extents (bsc#1135481).
  o btrfs: do async reclaim for data reservations (bsc#1135481).
  o btrfs: do not force commit if we are data (bsc#1135481).
  o btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
  o btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
  o btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
  o btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
  o btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself
    (bsc#1135481).
  o btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
  o btrfs: implement space clamping for preemptive flushing (bsc#1135481).
  o btrfs: improve preemptive background space flushing (bsc#1135481).
  o btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
  o btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
  o btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#
    1135481).
  o btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
  o btrfs: prevent rename2 from exchanging a subvol with a directory from
    different parents (bsc#1190626).
  o btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
  o btrfs: remove orig from shrink_delalloc (bsc#1135481).
  o btrfs: rename need_do_async_reclaim (bsc#1135481).
  o btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
  o btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
  o btrfs: rip out may_commit_transaction (bsc#1135481).
  o btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#
    1135481).
  o btrfs: run delayed iputs before committing the transaction for data (bsc#
    1135481).
  o btrfs: serialize data reservations if we are flushing (bsc#1135481).
  o btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
  o btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
  o btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481).
  o btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#
    1135481).
  o btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
  o btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
  o btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc
    #1135481).
  o btrfs: use the same helper for data and metadata reservations (bsc#
    1135481).
  o btrfs: use ticketing for data space reservations (bsc#1135481).
  o can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
    and TX error counters (git-fixes).
  o cgroup: verify that source is a string (bsc#1190131).
  o cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#
    1190181).
  o clk: at91: clk-generated: Limit the requested rate to our range
    (git-fixes).
  o clk: at91: clk-generated: pass the id of changeable parent at registration
    (git-fixes).
  o clk: kirkwood: Fix a clocking boot regression (git-fixes).
  o console: consume APC, DM, DCS (git-fixes).
  o cpuidle: Allow idle states to be disabled by default (bsc#1175543)
  o cpuidle: Consolidate disabled state checks (bsc#1175543)
  o cpuidle: cpuidle_state kABI fix (bsc#1175543)
  o cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
  o cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
  o cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#
    1175543)
  o cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency()
    (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
  o crypto: qat - use proper type for vf_mask (git-fixes).
  o cuse: fix broken release (bsc#1190596).
  o cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
  o debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#
    1173746).
  o device-dax: Fix default return code of range_parse() (git-fixes).
  o devlink: Break parameter notification sequence to be before/after unload/
    load driver (bsc#1154353).
  o devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
  o dm integrity: fix missing goto in bitmap_flush_interval error handling
    (git-fixes).
  o dm rq: fix double free of blk_mq_tag_set in dev remove after table load
    fails (git-fixes).
  o dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
  o dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
  o dmaengine: acpi: Avoid comparison GSI with Linux vIRQ (git-fixes).
  o dmaengine: idxd: clear block on fault flag when clear wq (git-fixes).
  o dmaengine: idxd: fix wq slot allocation index check (git-fixes).
  o dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
  o dmaengine: ioat: depends on !UML (git-fixes).
  o dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is
    not yet available (git-fixes).
  o dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
  o dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes).
  o dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
    (git-fixes).
  o dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
  o docs: Fix infiniband uverbs minor number (git-fixes).
  o Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
  o drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in
    amdgpu_dm_update_backlight_caps (git-fixes).
  o drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
  o drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
  o drm: Copy drm_wait_vblank to user before returning (git-fixes).
  o drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex
    (git-fixes).
  o drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes).
  o drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
  o drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes).
  o drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes).
  o drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes).
  o drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes).
  o drm/amdgpu: Fix BUG_ON assert (git-fixes).
  o drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir
    (git-fixes).
  o drm/amdgpu/acp: Make PM domain really work (git-fixes).
  o drm/ast: Fix missing conversions to managed API (git-fixes).
  o drm/dp_mst: Fix return code on sideband message failure (git-fixes).
  o drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
  o drm/i915: Add more AUX CHs to the enum (bsc#1188700).
  o drm/i915: Add VBT AUX CH H and I (bsc#1188700).
  o drm/i915: Add VBT DVO ports H and I (bsc#1188700).
  o drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
  o drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#
    1188700).
  o drm/i915: Introduce HPD_PORT_TC (bsc#1188700).
  o drm/i915: Move hpd_pin setup to encoder init (bsc#1188700).
  o drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700).
  o drm/i915/dg1: gmbus pin mapping (bsc#1188700).
  o drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700).
  o drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos
    (bsc#1188700).
  o drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#
    1188700).
  o drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700).
  o drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700).
  o drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700).
  o drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
  o drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
  o drm/mgag200: Select clock in PLL update functions (git-fixes).
  o drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
  o drm/msm: Fix error return code in msm_drm_init() (git-fixes).
  o drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs
    (git-fixes).
  o drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
  o drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
  o drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision
    (git-fixes).
  o drm/nouveau/disp: power down unused DP links during init (git-fixes).
  o drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences
    (git-fixes).
  o drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
  o drm/of: free the iterator object on failure (git-fixes).
  o drm/of: free the right object (git-fixes).
  o drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
  o drm/panfrost: Fix missing clk_disable_unprepare() on error in
    panfrost_clk_init() (git-fixes).
  o drm/panfrost: Simplify lock_region calculation (git-fixes).
  o drm/panfrost: Use u64 for size in lock_region (git-fixes).
  o drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
  o drm/prime: fix comment on PRIME Helpers (git-fixes).
  o drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused
    (git-fixes).
  o e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
  o e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
  o EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
  o EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
  o EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
  o enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
  o erofs: fix up erofs_lookup tracepoint (git-fixes).
  o ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
    transaction handle (bsc#1189568).
  o ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
  o ext4: fix avefreec in find_group_orlov (bsc#1189566).
  o ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
  o ext4: fix potential htree corruption when growing large_dir directories
    (bsc#1189576).
  o ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
  o ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
  o ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
  o fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
  o fbmem: do not allow too huge resolutions (git-fixes).
  o fpga: altera-freeze-bridge: Address warning about unused variable
    (git-fixes).
  o fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
    (git-fixes).
  o fpga: machxo2-spi: Return an error on failure (git-fixes).
  o fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
  o fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
  o fuse: flush extending writes (bsc#1190595).
  o fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
  o genirq: add device_has_managed_msi_irq (bsc#1185762).
  o genirq: add device_has_managed_msi_irq (bsc#1185762).
  o gpio: mpc8xxx: Fix a resources leak in the error handling path of
    'mpc8xxx_probe()' (git-fixes).
  o gpio: uniphier: Fix void functions to remove return value (git-fixes).
  o gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable
    access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
  o gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V
    formats (git-fixes).
  o gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V
    formats (git-fixes).
  o gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
  o HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
  o HID: input: do not report stylus battery state as "full" (git-fixes).
  o hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#
    SLE-18779, bsc#1185726).
  o hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#
    1185726).
  o hwmon: (mlxreg-fan) Return non-zero value when fan current state is
    enforced from sysfs (git-fixes).
  o hwmon: (tmp421) fix rounding for negative values (git-fixes).
  o hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
  o i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
  o i2c: highlander: add IRQ check (git-fixes).
  o i2c: iop3xx: fix deferred probing (git-fixes).
  o i2c: mt65xx: fix IRQ check (git-fixes).
  o i2c: s3c2410: fix IRQ check (git-fixes).
  o i40e: Add additional info to PHY type error (git-fixes).
  o i40e: Fix firmware LLDP agent related warning (git-fixes).
  o i40e: Fix log TC creation failure when max num of queues is exceeded
    (git-fixes).
  o i40e: Fix logic of disabling queues (git-fixes).
  o i40e: Fix queue-to-TC mapping on Tx (git-fixes).
  o i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
  o iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#
    SLE-7940).
  o iavf: Set RSS LUT and key in reset handle path (git-fixes).
  o IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
  o ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
  o ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
  o ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
  o ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
  o ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
  o ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
  o ice: do not abort devlink info if board identifier can't be found (jsc#
    SLE-12878).
  o ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
  o ice: Prevent probing virtual functions (git-fixes).
  o igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
  o iio: dac: ad5624r: Fix incorrect handling of an optional regulator
    (git-fixes).
  o Improved the warning message.
  o include/linux/list.h: add a macro to test if entry is pointing to the head
    (git-fixes).
  o intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#
    1175543)
  o intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#
    1175543)
  o intel_idle: Annotate init time data structures (bsc#1175543)
  o intel_idle: Customize IceLake server support (bsc#1175543)
  o intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#
    1180347, bsc#1180141)
  o intel_idle: Fix max_cstate for processor models without C-state tables (bsc
    #1175543)
  o intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#
    1175543)
  o intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
  o intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#
    1175543)
  o intel_idle: Use ACPI _CST on server systems (bsc#1175543)
  o iomap: Fix negative assignment to unsigned sis->pages in
    iomap_swapfile_activate (bsc#1190784).
  o iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762).
  o ionic: cleanly release devlink instance (bsc#1167773).
  o ionic: cleanly release devlink instance (bsc#1167773).
  o ionic: count csum_none when offload enabled (bsc#1167773).
  o ionic: drop useless check of PCI driver data validity (bsc#1167773).
  o ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#
    1190115).
  o ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#
    1190115).
  o ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#
    1190115).
  o ipc/util.c: use binary search for max_idx (bsc#1159886).
  o ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
  o ipvs: avoid expiring many connections from timer (bsc#1190467).
  o ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
  o ipvs: queue delayed work to expire no destination connections if
    expire_nodest_conn=1 (bsc#1190467).
  o iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha
    (git-fixes).
  o iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed
    (git-fixes).
  o iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes).
  o iwlwifi: skip first element in the WTAS ACPI table (git-fixes).
  o kernel-binary.spec: Check for no kernel signing certificates. Also remove
    unused variable.
  o kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
  o kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358).
    Copy the code from kernel-module-subpackage that deals with empty KMPs.
  o kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#
    1190358). The script part for base package case is completely separate from
    the part for subpackages. Remove the part for subpackages from the base
    package script and use the KMP scripts for subpackages instead.
  o kernel-binary.spec.in: add zstd to BuildRequires if used
  o kernel-binary.spec.in: make sure zstd is supported by kmod if used
  o kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#
    1189841). Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#
    1189841).")
  o kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
    (bsc#1189153).
  o leds: trigger: audio: Add an activate callback to ensure the initial
    brightness is set (git-fixes).
  o lib/mpi: use kcalloc in mpi_resize (git-fixes).
  o libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    (git-fixes).
  o libata: fix ata_host_start() (git-fixes).
  o libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
  o libbpf: Fix the possible memory leak on error (git-fixes).
  o lockd: Fix invalid lockowner cast after vfs_test_lock (git-fixes).
  o mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
  o mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
  o mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
  o mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
  o mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
    (git-fixes).
  o mac80211: mesh: fix potentially unaligned access (git-fixes).
  o mailbox: sti: quieten kernel-doc warnings (git-fixes).
  o md: revert io stats accounting (git-fixes).
  o md/raid10: properly indicate failure when ending a failed write request
    (git-fixes).
  o media: cedrus: Fix SUNXI tile size calculation (git-fixes).
  o media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
  o media: cxd2880-spi: Fix an error handling path (git-fixes).
  o media: dib8000: rewrite the init prbs logic (git-fixes).
  o media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
  o media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
  o media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
  o media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
  o media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
  o media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
  o media: go7007: remove redundant initialization (git-fixes).
  o media: imx258: Limit the max analogue gain to 480 (git-fixes).
  o media: imx258: Rectify mismatch of VTS value (git-fixes).
  o media: rc-loopback: return number of emitters rather than error
    (git-fixes).
  o media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
  o media: TDA1997x: enable EDID support (git-fixes).
  o media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
  o media: uvc: do not do DMA on stack (git-fixes).
  o media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
  o media: venus: venc: Fix potential null pointer dereference on pointer fmt
    (git-fixes).
  o media: zr364xx: fix memory leaks in probe() (git-fixes).
  o media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes).
  o memcg: enable accounting for file lock caches (bsc#1190115).
  o mfd: axp20x: Update AXP288 volatile ranges (git-fixes).
  o mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
  o mfd: lpc_sch: Rename GPIOBASE to prevent build error (git-fixes).
  o mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set (git-fixes).
  o misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
  o misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
  o mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
  o mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#
    1189301).
  o mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
  o mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872).
  o mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#
    1187619).
  o mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
  o mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#
    1189569).
  o mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#
    1189301).
  o mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
  o mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
  o mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
  o mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
  o mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
  o mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
  o mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711
    (git-fixes).
  o mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
  o mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
  o mtd: rawnand: cafe: Fix a resource leak in the error handling path of
    'cafe_nand_probe()' (git-fixes).
  o nbd: Aovid double completion of a request (git-fixes).
  o nbd: do not update block size after device is started (git-fixes).
  o nbd: Fix NULL pointer in flush_workqueue (git-fixes).
  o net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases
    (git-fixes).
  o net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
  o net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
  o net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
  o net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: remove redundant initialization of variable err (jsc#SLE-18779,
    bsc#1185726).
  o net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#
    SLE-18779, bsc#1185726).
  o net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
  o net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
  o net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
  o net: usb: lan78xx: do not modify phy_device state concurrently (bsc#
    1188270)
  o net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412)
  o net/mlx5: E-Switch, handle devcom events only for ports on the same device
    (git-fixes).
  o net/mlx5: Fix flow table chaining (git-fixes).
  o net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set
    () (jsc#SLE-15172).
  o net/mlx5: Fix return value from tracer initialization (git-fixes).
  o net/mlx5: Unload device upon firmware fatal error (git-fixes).
  o net/mlx5e: Add missing capability check for uplink follow (bsc#1188412)
  o net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
  o net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
  o net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
  o netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#
    1190062).
  o nfp: update ethtool reporting of pauseframe control (git-fixes).
  o NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
  o NFS: Correct size calculation for create reply length (bsc#1189870).
  o NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
  o NFS: pass cred explicitly for access tests (bsc#1190746).
  o nfsd4: Fix forced-expiry locking (git-fixes).
  o NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes).
  o nvme-multipath: revalidate paths during rescan (bsc#1187211)
  o nvme-multipath: revalidate paths during rescan (bsc#1187211).
  o nvme-pci: fix NULL req in completion handler (bsc#1181972).
  o nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
  o nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#
    1181972).
  o nvme-pci: use unsigned for io queue depth (bsc#1181972).
  o nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#
    1181972).
  o nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
  o nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
  o nvme: avoid possible double fetch in handling CQE (bsc#1181972).
  o nvme: avoid race in shutdown namespace removal (bsc#1188067).
  o nvme: code command_id with a genctr for use-after-free validation (bsc#
    1181972).
  o nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
  o nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
  o nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
  o ocfs2: fix snprintf() checking (bsc#1189581).
  o ocfs2: fix zero out valid data (bsc#1189579).
  o ocfs2: issue zeroout to EOF blocks (bsc#1189582).
  o ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439).
  o optee: Fix memory leak when failing to register shm pages (git-fixes).
  o overflow: Correct check_shl_overflow() comment (git-fixes).
  o params: lift param_set_uint_minmax to common code (bsc#1181972).
  o parport: remove non-zero check on count (git-fixes).
  o PCI: aardvark: Fix checking for PIO status (git-fixes).
  o PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
    (git-fixes).
  o PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO
    response (git-fixes).
  o PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
  o PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
  o PCI: Add AMD GPU multi-function power dependencies (git-fixes).
  o PCI: Call Max Payload Size-related fixup quirks early (git-fixes).
  o PCI: Fix pci_dev_str_match_path() alloc while atomic bug (git-fixes).
  o PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
  o PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
  o PCI: iproc: Fix BCMA probe resource handling (git-fixes).
  o PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges'
    (git-fixes).
  o PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
  o PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
  o PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
  o PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
    (git-fixes).
  o PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
  o PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
  o PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes).
  o PCI: Use pci_update_current_state() in pci_enable_device_flags()
    (git-fixes).
  o PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
  o PCI/MSI: Correct misleading comments (git-fixes).
  o PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
  o PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
  o PCI/MSI: Mask all unused MSI-X entries (git-fixes).
  o PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
  o PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
  o PCI/portdrv: Enable Bandwidth Notification only if port supports it
    (git-fixes).
  o perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
    (bsc#1189225).
  o phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
  o pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
  o pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
    (git-fixes).
  o pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes).
  o PM: base: power: do not try to use non-existing RTC for storing data
    (git-fixes).
  o PM: EM: Increase energy calculation precision (git-fixes).
  o PM: sleep: core: Avoid setting power.must_resume to false (git-fixes).
  o post.sh: detect /usr mountpoint too
  o power: supply: axp288_fuel_gauge: Report register-address on readb / writeb
    errors (git-fixes).
  o power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
  o power: supply: max17042: handle fails of reading status register
    (git-fixes).
  o powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
  o powerpc: fix function annotations to avoid section mismatch warnings with
    gcc-10 (bsc#1148868).
  o powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
  o powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544
    ltc#194520).
  o powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#
    1065729).
  o powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
    (bsc#1065729).
  o powerpc/perf: Fix the check for SIAR value (bsc#1065729).
  o powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
  o powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
  o powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#
    1065729).
  o powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
  o powerpc/powernv: Fix machine check reporting of async store errors (bsc#
    1065729).
  o powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#
    1190620 ltc#194498).
  o powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
  o pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
  o pwm: img: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: lpc32xx: Do not modify HW state in .probe() after the PWM chip was
    registered (git-fixes).
  o pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
  o pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
  o qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
  o RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#
    1170774).
  o RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
  o RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it
    recently (jsc#SLE-15175).
  o RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
  o RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
  o Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
  o regmap: fix page selection for noinc reads (git-fixes).
  o regmap: fix page selection for noinc writes (git-fixes).
  o regmap: fix the offset of register error log (git-fixes).
  o regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes).
  o regulator: vctrl: Use locked regulator_get_voltage in probe path
    (git-fixes).
  o reset: reset-zynqmp: Fixed the argument data type (git-fixes).
  o rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla
    kernel which is not supported in any way. The only effect is has is that
    the image and initrd symlinks are created with this suffix. These symlinks
    are not used except on s390 where the unsuffixed symlinks are used by zipl.
    There is no reason why a vanilla kernel could not be used with zipl as well
    as it's quite unexpected to not be able to boot when only a vanilla kernel
    is installed. Finally we now have a backup zipl kernel so if the vanilla
    kernel is indeed unsuitable the backup kernel can be used.
  o rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary
    and KMP scriptlets to suse-module-tools. This allows fixing bugs in the
    scriptlets as well as defining initrd regeneration policy independent of
    the kernel packages.
  o rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the
    shortened hash rather than full filename. As has been discussed in bsc#
    1124431 comment 51 https://bugzilla.suse.com/show_bug.cgiid=1124431#c51
    the placement of the certificates is an API which cannot be changed unless
    we can ensure that no two kernels that use different certificate location
    can be built with the same certificate.
  o rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#
    1189841). These are unchanged since 2011 when they were introduced. No need
    to track them separately.
  o rpm: support gz and zst compression methods Extend commit 18fcdff43a00
    ("rpm: support compressed modules") for compression methods other than xz.
  o rpm/kernel-binary.spec: Use only non-empty certificates.
  o rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had
    arbitrary values in staging, we can't use it for dependencies. The
    filesystem one has to be enough (boo#1184804).
  o rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to
    use kmod with ZSTD support on non-Tumbleweed.
  o rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: *
    sources are NOT executable * env is not used as interpreter * timestamps
    are correct We do all this for normal kernel builds, but not for
    vanilla_only kernels (linux-next and vanilla).
  o rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
  o rsi: fix an error code in rsi_probe() (git-fixes).
  o rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
  o rtc: rx8010: select REGMAP_I2C (git-fixes).
  o rtc: tps65910: Correct driver module alias (git-fixes).
  o s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
  o s390/unwind: use current_frame_address() to unwind current task (bsc#
    1185677).
  o sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
  o sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
  o sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
  o sched/fair: Ensure that the CFS parent is added after unthrottling
    (git-fixes).
  o sched/rt: Fix RT utilization tracking during policy change (git-fixes)
  o scsi: core: Add helper to return number of logical blocks in a request (bsc
    #1190576).
  o scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
  o scsi: fc: Add EDC ELS definition (bsc#1190576).
  o scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
  o scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
  o scsi: libfc: Fix array index out of bound exception (bsc#1188616).
  o scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
  o scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
  o scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
  o scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
  o scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
  o scsi: lpfc: Add EDC ELS support (bsc#1190576).
  o scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
  o scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
  o scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware
    (bsc#1190576).
  o scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
  o scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#
    1190576).
  o scsi: lpfc: Add support for the CM framework (bsc#1190576).
  o scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#
    1190576).
  o scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
  o scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding
    (bsc#1190576).
  o scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
  o scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
  o scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#
    1190576).
  o scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing
    (bsc#1190576).
  o scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
  o scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
  o scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
  o scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
  o scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#
    1190576).
  o scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
  o scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
  o scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#
    1190576).
  o scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
  o scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#
    1190576).
  o scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
  o scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash
    (git-fixes).
  o scsi: lpfc: Remove unneeded variable (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
  o scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
  o scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
  o scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#
    1190576).
  o scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
  o scsi: lpfc: Zero CGN stats only during initial driver load and stat reset
    (bsc#1190576).
  o scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
  o scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
  o scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
  o scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770).
  o scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#
    1174003 bsc#1190576).
  o selftests/bpf: Define string const as global for test_sysctl_prog.c
    (git-fixes).
  o selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP
    (git-fixes).
  o selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change
    (git-fixes).
  o selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
  o serial: 8250_pci: make setup_port() parameters explicitly unsigned
    (git-fixes).
  o serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
  o serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
  o serial: sh-sci: fix break handling for sysrq (git-fixes).
  o slimbus: messaging: check for valid transaction id (git-fixes).
  o slimbus: messaging: start transaction ids from 1 instead of zero
    (git-fixes).
  o slimbus: ngd: reset dma setup during runtime pm (git-fixes).
  o soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
  o soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
  o soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
  o soc: qcom: smsm: Fix missed interrupts if state changes while masked
    (git-fixes).
  o spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
  o spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
    (git-fixes).
  o spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
  o spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
  o staging: board: Fix uninitialized spinlock when attaching genpd
    (git-fixes).
  o staging: ks7010: Fix the initialization of the 'sleep_status' structure
    (git-fixes).
  o staging: rtl8192u: Fix bitwise vs logical operator in
    TranslateRxSignalStuff819xUsb() (git-fixes).
  o staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
  o SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202
    bsc#1188924).
  o SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202
    bsc#1188924).
  o SUNRPC: Fix potential memory corruption (git-fixes).
  o SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#
    1188924).
  o SUNRPC: improve error response to over-size gss credential (bsc#1190022).
  o SUNRPC: Simplify socket shutdown when not reusing TCP ports (git-fixes).
  o thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
    (git-fixes).
  o thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    (git-fixes).
  o time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
  o tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
  o tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event
    name (git-fixes).
  o tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
  o tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
  o tty: serial: jsm: hold port lock when reporting modem line changes
    (git-fixes).
  o tty: synclink_gt, drop unneeded forward declarations (git-fixes).
  o ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
  o ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
  o ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#
    1189586).
  o ubifs: Only check replay with inode type to judge if inode linked (bsc#
    1187455).
  o ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587).
  o usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
  o usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA
    config is available (git-fixes).
  o usb: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
  o usb: core: hcd: Add support for deferring roothub registration (git-fixes).
  o usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails
    (git-fixes).
  o usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
  o usb: dwc2: Fix error path in gadget registration (git-fixes).
  o usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
  o usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
    (git-fixes).
  o usb: dwc2: Postponed gadget registration to the udc class driver
    (git-fixes).
  o usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
  o usb: dwc3: core: do not do suspend for device mode if already suspended
    (git-fixes).
  o usb: dwc3: core: Properly default unspecified speed (git-fixes).
  o usb: dwc3: debug: Remove newline printout (git-fixes).
  o usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
  o usb: dwc3: gadget: Check MPS of the request length (git-fixes).
  o usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
  o usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
  o usb: dwc3: gadget: Do not setup more than requested (git-fixes).
  o usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
  o usb: dwc3: gadget: Fix handling ZLP (git-fixes).
  o usb: dwc3: gadget: Give back staled requests (git-fixes).
  o usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
  o usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
  o usb: dwc3: gadget: Set BESL config parameter (git-fixes).
  o usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
  o usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
  o usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
  o usb: dwc3: meson-g12a: add IRQ check (git-fixes).
  o usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init
    (git-fixes).
  o usb: dwc3: of-simple: add a shutdown (git-fixes).
  o usb: dwc3: Separate field holding multiple properties (git-fixes).
  o usb: dwc3: support continuous runtime PM with dual role (git-fixes).
  o usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
    (git-fixes).
  o usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
  o usb: gadget: Export recommended BESL values (git-fixes).
  o usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
  o usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
  o usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
  o usb: gadget: udc: at91: add IRQ check (git-fixes).
  o usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
  o usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
  o usb: host: fotg210: fix the endpoint's transactional opportunities
    calculation (git-fixes).
  o usb: host: ohci-tmio: add IRQ check (git-fixes).
  o usb: host: xhci-rcar: Do not reload firmware after the completion
    (git-fixes).
  o usb: mtu3: fix the wrong HS mult value (git-fixes).
  o usb: mtu3: use @mult for HS isoc or intr (git-fixes).
  o usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
  o usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
    (git-fixes).
  o usb: phy: fsl-usb: add IRQ check (git-fixes).
  o usb: phy: tahvo: add IRQ check (git-fixes).
  o usb: phy: twl6030: add IRQ checks (git-fixes).
  o usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
    (git-fixes).
  o usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
  o usb: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes).
  o usb: serial: option: add Telit LN920 compositions (git-fixes).
  o usb: serial: option: remove duplicate USB device ID (git-fixes).
  o usbip: give back URBs for unsent unlink requests during cleanup
    (git-fixes).
  o usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
  o video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
  o video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
  o video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
  o virtio_pci: Support surprise removal of virtio pci device (git-fixes).
  o VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
  o vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
  o vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
  o vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
  o vmxnet3: prepare for version 6 changes (bsc#1190406).
  o vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
  o vmxnet3: set correct hash type based on rss information (bsc#1190406).
  o vmxnet3: update to version 6 (bsc#1190406).
  o watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST
    (git-fixes).
  o writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
  o x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#
    1185302).
  o x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#
    1190561).
  o x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
  o x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
  o x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
  o x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
  o x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
  o x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
    (bsc#1152489).
  o x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#
    1152489).
  o x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
  o x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337).
  o x86/sev: Split up runtime #VC handler for correct state tracking (jsc#
    SLE-14337).
  o x86/sev: Use "SEV: " prefix for messages from sev.c (jsc#SLE-14337).
  o x86/signal: Detect and prevent an alternate signal stack overflow (bsc#
    1152489).
  o xen/events: Fix race in set_evtchn_to_irq (git-fixes).
  o xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
  o xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
  o xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()'
    (git-fixes).
  o xhci: Set HCD flag to defer primary roothub registration (git-fixes).
  o xprtrdma: Pad optimization, revisited (bsc#1189760).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE MicroOS 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3415=1
  o SUSE Linux Enterprise Module for Realtime 15-SP3:
    zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2021-3415=1

Package List:

  o SUSE MicroOS 5.1 (x86_64):
       kernel-rt-5.3.18-57.1
       kernel-rt-debuginfo-5.3.18-57.1
       kernel-rt-debugsource-5.3.18-57.1
  o SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):
       kernel-devel-rt-5.3.18-57.1
       kernel-source-rt-5.3.18-57.1
  o SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):
       cluster-md-kmp-rt-5.3.18-57.1
       cluster-md-kmp-rt-debuginfo-5.3.18-57.1
       dlm-kmp-rt-5.3.18-57.1
       dlm-kmp-rt-debuginfo-5.3.18-57.1
       gfs2-kmp-rt-5.3.18-57.1
       gfs2-kmp-rt-debuginfo-5.3.18-57.1
       kernel-rt-5.3.18-57.1
       kernel-rt-debuginfo-5.3.18-57.1
       kernel-rt-debugsource-5.3.18-57.1
       kernel-rt-devel-5.3.18-57.1
       kernel-rt-devel-debuginfo-5.3.18-57.1
       kernel-rt_debug-debuginfo-5.3.18-57.1
       kernel-rt_debug-debugsource-5.3.18-57.1
       kernel-rt_debug-devel-5.3.18-57.1
       kernel-rt_debug-devel-debuginfo-5.3.18-57.1
       kernel-syms-rt-5.3.18-57.1
       ocfs2-kmp-rt-5.3.18-57.1
       ocfs2-kmp-rt-debuginfo-5.3.18-57.1


References:

  o https://www.suse.com/security/cve/CVE-2020-12770.html
  o https://www.suse.com/security/cve/CVE-2020-3702.html
  o https://www.suse.com/security/cve/CVE-2021-34556.html
  o https://www.suse.com/security/cve/CVE-2021-35477.html
  o https://www.suse.com/security/cve/CVE-2021-3653.html
  o https://www.suse.com/security/cve/CVE-2021-3656.html
  o https://www.suse.com/security/cve/CVE-2021-3669.html
  o https://www.suse.com/security/cve/CVE-2021-3732.html
  o https://www.suse.com/security/cve/CVE-2021-3739.html
  o https://www.suse.com/security/cve/CVE-2021-3743.html
  o https://www.suse.com/security/cve/CVE-2021-3744.html
  o https://www.suse.com/security/cve/CVE-2021-3752.html
  o https://www.suse.com/security/cve/CVE-2021-3753.html
  o https://www.suse.com/security/cve/CVE-2021-3759.html
  o https://www.suse.com/security/cve/CVE-2021-3764.html
  o https://www.suse.com/security/cve/CVE-2021-38160.html
  o https://www.suse.com/security/cve/CVE-2021-38198.html
  o https://www.suse.com/security/cve/CVE-2021-40490.html
  o https://bugzilla.suse.com/1065729
  o https://bugzilla.suse.com/1124431
  o https://bugzilla.suse.com/1127650
  o https://bugzilla.suse.com/1135481
  o https://bugzilla.suse.com/1148868
  o https://bugzilla.suse.com/1152489
  o https://bugzilla.suse.com/1154353
  o https://bugzilla.suse.com/1159886
  o https://bugzilla.suse.com/1167032
  o https://bugzilla.suse.com/1167773
  o https://bugzilla.suse.com/1168202
  o https://bugzilla.suse.com/1170774
  o https://bugzilla.suse.com/1171420
  o https://bugzilla.suse.com/1171688
  o https://bugzilla.suse.com/1173746
  o https://bugzilla.suse.com/1174003
  o https://bugzilla.suse.com/1175543
  o https://bugzilla.suse.com/1176447
  o https://bugzilla.suse.com/1176940
  o https://bugzilla.suse.com/1177028
  o https://bugzilla.suse.com/1177399
  o https://bugzilla.suse.com/1178134
  o https://bugzilla.suse.com/1180141
  o https://bugzilla.suse.com/1180347
  o https://bugzilla.suse.com/1181006
  o https://bugzilla.suse.com/1181972
  o https://bugzilla.suse.com/1184114
  o https://bugzilla.suse.com/1184439
  o https://bugzilla.suse.com/1184611
  o https://bugzilla.suse.com/1184804
  o https://bugzilla.suse.com/1185302
  o https://bugzilla.suse.com/1185550
  o https://bugzilla.suse.com/1185675
  o https://bugzilla.suse.com/1185677
  o https://bugzilla.suse.com/1185726
  o https://bugzilla.suse.com/1185762
  o https://bugzilla.suse.com/1185898
  o https://bugzilla.suse.com/1187211
  o https://bugzilla.suse.com/1187455
  o https://bugzilla.suse.com/1187591
  o https://bugzilla.suse.com/1187619
  o https://bugzilla.suse.com/1188067
  o https://bugzilla.suse.com/1188172
  o https://bugzilla.suse.com/1188270
  o https://bugzilla.suse.com/1188412
  o https://bugzilla.suse.com/1188418
  o https://bugzilla.suse.com/1188439
  o https://bugzilla.suse.com/1188616
  o https://bugzilla.suse.com/1188651
  o https://bugzilla.suse.com/1188694
  o https://bugzilla.suse.com/1188700
  o https://bugzilla.suse.com/1188878
  o https://bugzilla.suse.com/1188924
  o https://bugzilla.suse.com/1188983
  o https://bugzilla.suse.com/1188985
  o https://bugzilla.suse.com/1188986
  o https://bugzilla.suse.com/1189153
  o https://bugzilla.suse.com/1189225
  o https://bugzilla.suse.com/1189257
  o https://bugzilla.suse.com/1189262
  o https://bugzilla.suse.com/1189297
  o https://bugzilla.suse.com/1189301
  o https://bugzilla.suse.com/1189399
  o https://bugzilla.suse.com/1189400
  o https://bugzilla.suse.com/1189503
  o https://bugzilla.suse.com/1189504
  o https://bugzilla.suse.com/1189505
  o https://bugzilla.suse.com/1189506
  o https://bugzilla.suse.com/1189507
  o https://bugzilla.suse.com/1189562
  o https://bugzilla.suse.com/1189563
  o https://bugzilla.suse.com/1189564
  o https://bugzilla.suse.com/1189565
  o https://bugzilla.suse.com/1189566
  o https://bugzilla.suse.com/1189567
  o https://bugzilla.suse.com/1189568
  o https://bugzilla.suse.com/1189569
  o https://bugzilla.suse.com/1189573
  o https://bugzilla.suse.com/1189574
  o https://bugzilla.suse.com/1189575
  o https://bugzilla.suse.com/1189576
  o https://bugzilla.suse.com/1189577
  o https://bugzilla.suse.com/1189579
  o https://bugzilla.suse.com/1189581
  o https://bugzilla.suse.com/1189582
  o https://bugzilla.suse.com/1189583
  o https://bugzilla.suse.com/1189585
  o https://bugzilla.suse.com/1189586
  o https://bugzilla.suse.com/1189587
  o https://bugzilla.suse.com/1189696
  o https://bugzilla.suse.com/1189706
  o https://bugzilla.suse.com/1189760
  o https://bugzilla.suse.com/1189762
  o https://bugzilla.suse.com/1189832
  o https://bugzilla.suse.com/1189841
  o https://bugzilla.suse.com/1189870
  o https://bugzilla.suse.com/1189872
  o https://bugzilla.suse.com/1189883
  o https://bugzilla.suse.com/1189884
  o https://bugzilla.suse.com/1190022
  o https://bugzilla.suse.com/1190023
  o https://bugzilla.suse.com/1190025
  o https://bugzilla.suse.com/1190062
  o https://bugzilla.suse.com/1190115
  o https://bugzilla.suse.com/1190117
  o https://bugzilla.suse.com/1190131
  o https://bugzilla.suse.com/1190138
  o https://bugzilla.suse.com/1190159
  o https://bugzilla.suse.com/1190181
  o https://bugzilla.suse.com/1190358
  o https://bugzilla.suse.com/1190406
  o https://bugzilla.suse.com/1190412
  o https://bugzilla.suse.com/1190413
  o https://bugzilla.suse.com/1190428
  o https://bugzilla.suse.com/1190467
  o https://bugzilla.suse.com/1190523
  o https://bugzilla.suse.com/1190534
  o https://bugzilla.suse.com/1190543
  o https://bugzilla.suse.com/1190544
  o https://bugzilla.suse.com/1190561
  o https://bugzilla.suse.com/1190576
  o https://bugzilla.suse.com/1190595
  o https://bugzilla.suse.com/1190596
  o https://bugzilla.suse.com/1190598
  o https://bugzilla.suse.com/1190620
  o https://bugzilla.suse.com/1190626
  o https://bugzilla.suse.com/1190679
  o https://bugzilla.suse.com/1190705
  o https://bugzilla.suse.com/1190717
  o https://bugzilla.suse.com/1190746
  o https://bugzilla.suse.com/1190758
  o https://bugzilla.suse.com/1190784
  o https://bugzilla.suse.com/1190785
  o https://bugzilla.suse.com/1191172
  o https://bugzilla.suse.com/1191193
  o https://bugzilla.suse.com/1191292
  o https://bugzilla.suse.com/859220


- --------------------------------------------------------------------------------


SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:3205-2
Rating:            important
References:        #1040364 #1127650 #1135481 #1152489 #1160010 #1168202
                   #1171420 #1174969 #1175052 #1175543 #1177399 #1180100
                   #1180141 #1180347 #1181006 #1181148 #1181972 #1184180
                   #1185902 #1186264 #1186731 #1187211 #1187455 #1187468
                   #1187483 #1187619 #1187959 #1188067 #1188172 #1188231
                   #1188270 #1188412 #1188418 #1188616 #1188700 #1188780
                   #1188781 #1188782 #1188783 #1188784 #1188786 #1188787
                   #1188788 #1188790 #1188878 #1188885 #1188924 #1188982
                   #1188983 #1188985 #1189021 #1189057 #1189077 #1189153
                   #1189197 #1189209 #1189210 #1189212 #1189213 #1189214
                   #1189215 #1189216 #1189217 #1189218 #1189219 #1189220
                   #1189221 #1189222 #1189225 #1189229 #1189233 #1189262
                   #1189291 #1189292 #1189296 #1189298 #1189301 #1189305
                   #1189323 #1189384 #1189385 #1189392 #1189393 #1189399
                   #1189400 #1189427 #1189503 #1189504 #1189505 #1189506
                   #1189507 #1189562 #1189563 #1189564 #1189565 #1189566
                   #1189567 #1189568 #1189569 #1189573 #1189574 #1189575
                   #1189576 #1189577 #1189579 #1189581 #1189582 #1189583
                   #1189585 #1189586 #1189587 #1189706 #1189760 #1189762
                   #1189832 #1189841 #1189870 #1189872 #1189883 #1190022
                   #1190025 #1190115 #1190117 #1190412 #1190413 #1190428
Cross-References:  CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-3640
                   CVE-2021-3653 CVE-2021-3656 CVE-2021-3679 CVE-2021-3732
                   CVE-2021-3739 CVE-2021-3743 CVE-2021-3753 CVE-2021-3759
                   CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204
                   CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209
Affected Products:
                   SUSE MicroOS 5.1
______________________________________________________________________________

An update that solves 20 vulnerabilities and has 106 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed:

  o CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
    sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
  o CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a
    malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
  o CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and
    allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
    VLS for the L2 guest (bsc#1189400).
  o CVE-2021-3679: A lack of CPU resource in tracing module functionality was
    found in the way user uses trace ring buffer in a specific way. Only
    privileged local users (with CAP_SYS_ADMIN capability) could use this flaw
    to starve the resources causing denial of service (bnc#1189057).
  o CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can
    reveal files (bsc#1189706).
  o CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by
    invalid id (bsc#1189832 ).
  o CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
  o CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#
    1190025).
  o CVE-2021-38160: Data corruption or loss could be triggered by an untrusted
    device that supplies a buf->len value exceeding the buffer size in drivers/
    char/virtio_console.c (bsc#1190117)
  o CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
    access permissions of a shadow page, leading to a missing guest protection
    page fault (bnc#1189262).
  o CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate
    attackers to cause a denial of service (use-after-free and panic) by
    removing a MAX-3421 USB device in certain situations (bnc#1189291).
  o CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it
    easier for attackers to defeat an ASLR protection mechanism because it
    prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
  o CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote
    attackers to cause a denial of service (buffer overflow and lockup) by
    sending heavy network traffic for about ten minutes (bnc#1189298).
  o CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many
    elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233
    ).
  o CVE-2021-38209: Fixed allowed observation of changes in any net namespace
    via net/netfilter/nf_conntrack_standalone.c (bnc#1189393).
  o CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser
    inside the mac80211 subsystem (bnc#1189296).
  o CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass
    via unprivileged BPF program that could have obtain sensitive information
    from kernel memory (bsc#1188983).
  o CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused
    to disclose content of arbitrary kernel memory (bsc#1188985).
  o CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to
    breaking memcg limits and DoS attacks (bsc#1190115).
  o CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases
    (bsc#1171420).


The following non-security bugs were fixed:

  o ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
  o ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
  o ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
  o ACPI: processor: Export function to claim _CST control (bsc#1175543)
  o ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
  o ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#
    1175543)
  o ALSA: hda - fix the 'Capture Switch' value change notifications
    (git-fixes).
  o ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes).
  o ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms
    (git-fixes).
  o ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically
    (git-fixes).
  o ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes).
  o ALSA: hda/realtek - Add type for ALC287 (git-fixes).
  o ALSA: hda/realtek: Change device names for quirks to barebone names
    (git-fixes).
  o ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop
    (git-fixes).
  o ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256)
    (git-fixes).
  o ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
  o ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
  o ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series
    (git-fixes).
  o ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC
    (git-fixes).
  o ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
  o ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
  o ALSA: hda: Fix hang during shutdown due to link reset (git-fixes).
  o ALSA: hda: Release controller display power during shutdown/reboot
    (git-fixes).
  o ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes).
  o ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
  o ALSA: seq: Fix racy deletion of subscriber (git-fixes).
  o ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
  o ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume
    (git-fixes).
  o ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
  o ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
  o ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
  o ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
  o ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
  o ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373
    (git-fixes).
  o ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes).
  o ASoC: amd: Fix reference to PCM buffer address (git-fixes).
  o ASoC: component: Remove misplaced prefix handling in pin control functions
    (git-fixes).
  o ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
  o ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
  o ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
  o ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
  o ASoC: cs42l42: Remove duplicate control for WNF filter frequency
    (git-fixes).
  o ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
  o ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes).
  o ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in
    mt8183_afe_pcm_dev_probe (git-fixes).
  o ASoC: rt5682: Adjust headset volume button threshold (git-fixes).
  o ASoC: rt5682: Adjust headset volume button threshold again (git-fixes).
  o ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend
    (git-fixes).
  o ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes).
  o ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup
    (git-fixes).
  o ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes).
  o ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes).
  o ASoC: uniphier: Fix reference to PCM buffer address (git-fixes).
  o ASoC: wcd9335: Disable irq on slave ports in the remove function
    (git-fixes).
  o ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
  o ASoC: wcd9335: Fix a memory leak in the error handling path of the probe
    function (git-fixes).
  o ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
  o Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
  o Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
  o Bluetooth: btusb: Fix a unspported condition to set available debug
    features (git-fixes).
  o Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS
    (git-fixes).
  o Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes).
  o Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
  o Bluetooth: hidp: use correct wait queue when removing ctrl_wait
    (git-fixes).
  o Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    (git-fixes).
  o Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd
    (git-fixes).
  o Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
    (git-fixes).
  o Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412)
  o KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
  o KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
  o KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc
    #1188788).
  o KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest
    (bsc#1187959).
  o KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#
    1187959).
  o KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#
    1188780).
  o KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781).
  o KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#
    1188782).
  o KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783).
  o KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
    (bsc#1188784).
  o KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959).
  o KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
  o NFS: Correct size calculation for create reply length (bsc#1189870).
  o NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#
    1189021)
  o NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times
    (git-fixes).
  o NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#
    1040364).
  o PCI/MSI: Correct misleading comments (git-fixes).
  o PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
  o PCI/MSI: Enable and mask MSI-X early (git-fixes).
  o PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
  o PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
  o PCI/MSI: Mask all unused MSI-X entries (git-fixes).
  o PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
  o PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
  o PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
  o PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
    (git-fixes).
  o PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
  o RDMA/bnxt_re: Fix stats counters (bsc#1188231).
  o SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202
    bsc#1188924).
  o SUNRPC: Fix the batch tasks count wraparound (git-fixes).
  o SUNRPC: Should wake up the privileged task firstly (git-fixes).
  o SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202
    bsc#1188924).
  o SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#
    1188924).
  o SUNRPC: improve error response to over-size gss credential (bsc#1190022).
  o SUNRPC: prevent port reuse on transports which do not request it (bnc#
    1186264 bnc#1189021).
  o USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
  o USB: serial: ch341: fix character loss at high transfer rates (git-fixes).
  o USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
  o USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
  o USB: usbtmc: Fix RCU stall warning (git-fixes).
  o USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
  o VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
  o ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
  o ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
  o ath: Use safer key clearing with key cache entries (git-fixes).
  o bcma: Fix memory leak for internally-handled cores (git-fixes).
  o bdi: Do not use freezable workqueue (bsc#1189573).
  o blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit()
    (bsc#1189507).
  o blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
  o blk-wbt: introduce a new disable state to prevent false positive by
    rwb_enabled() (bsc#1189503).
  o blk-wbt: make sure throttle is enabled properly (bsc#1189504).
  o block: fix trace completion for chained bio (bsc#1189505).
  o bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075).
  o brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
  o btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
  o btrfs: add a trace class for dumping the current ENOSPC state (bsc#
    1135481).
  o btrfs: add a trace point for reserve tickets (bsc#1135481).
  o btrfs: adjust the flush trace point to include the source (bsc#1135481).
  o btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
  o btrfs: factor out create_chunk() (bsc#1189077).
  o btrfs: factor out decide_stripe_size() (bsc#1189077).
  o btrfs: factor out gather_device_info() (bsc#1189077).
  o btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
  o btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
  o btrfs: fix deadlock with concurrent chunk allocations involving system
    chunks (bsc#1189077).
  o btrfs: handle invalid profile in chunk allocation (bsc#1189077).
  o btrfs: implement space clamping for preemptive flushing (bsc#1135481).
  o btrfs: improve preemptive background space flushing (bsc#1135481).
  o btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
  o btrfs: introduce alloc_chunk_ctl (bsc#1189077).
  o btrfs: introduce chunk allocation policy (bsc#1189077).
  o btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#
    1135481).
  o btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
  o btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
  o btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
  o btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
  o btrfs: rename need_do_async_reclaim (bsc#1135481).
  o btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
  o btrfs: rework chunk allocation to avoid exhaustion of the system chunk
    array (bsc#1189077).
  o btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
  o btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#
    1135481).
  o btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
  o btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481).
  o btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#
    1135481).
  o can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
  o can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX
    and TX error counters (git-fixes).
  o ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468).
  o ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468).
  o ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#
    1189427).
  o cfg80211: Fix possible memory leak in function cfg80211_bss_update
    (git-fixes).
  o cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
  o cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
  o cifs: constify get_normalized_path() properly (bsc#1185902).
  o cifs: do not cargo-cult strndup() (bsc#1185902).
  o cifs: do not send tree disconnect to ipc shares (bsc#1185902).
  o cifs: do not share tcp servers with dfs mounts (bsc#1185902).
  o cifs: do not share tcp sessions of dfs connections (bsc#1185902).
  o cifs: fix check of dfs interlinks (bsc#1185902).
  o cifs: fix path comparison and hash calc (bsc#1185902).
  o cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
  o cifs: handle different charsets in dfs cache (bsc#1185902).
  o cifs: keep referral server sessions alive (bsc#1185902).
  o cifs: missing null pointer check in cifs_mount (bsc#1185902).
  o cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
  o cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
  o clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
  o clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
  o cpuidle: Allow idle states to be disabled by default (bsc#1175543)
  o cpuidle: Consolidate disabled state checks (bsc#1175543)
  o cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
  o cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
  o cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#
    1175543)
  o crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
  o crypto: qat - use proper type for vf_mask (git-fixes).
  o crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit
    (git-fixes).
  o device-dax: Fix default return code of range_parse() (git-fixes).
  o dm integrity: fix missing goto in bitmap_flush_interval error handling
    (git-fixes).
  o dm rq: fix double free of blk_mq_tag_set in dev remove after table load
    fails (git-fixes).
  o dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
  o dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes).
  o dmaengine: imx-dma: configure the generic DMA type to make it work
    (git-fixes).
  o dmaengine: imx-dma: configure the generic DMA type to make it work
    (git-fixes).
  o dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
  o dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is
    not yet available (git-fixes).
  o dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes).
  o dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
    (git-fixes).
  o drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
  o drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes).
  o drm/amd/display: Fix comparison error in dcn21 DML (git-fixes).
  o drm/amd/display: Fix max vstartup calculation for modes with borders
    (git-fixes).
  o drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes).
  o drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes).
  o drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes).
  o drm/amdgpu/acp: Make PM domain really work (git-fixes).
  o drm/amdgpu/display: fix DMUB firmware version info (git-fixes).
  o drm/amdgpu/display: only enable aux backlight control for OLED panels
    (git-fixes).
  o drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes).
  o drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir
    (git-fixes).
  o drm/dp_mst: Fix return code on sideband message failure (git-fixes).
  o drm/i915/dg1: gmbus pin mapping (bsc#1188700).
  o drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700).
  o drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos
    (bsc#1188700).
  o drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#
    1188700).
  o drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700).
  o drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700).
  o drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700).
  o drm/i915: Add VBT AUX CH H and I (bsc#1188700).
  o drm/i915: Add VBT DVO ports H and I (bsc#1188700).
  o drm/i915: Add more AUX CHs to the enum (bsc#1188700).
  o drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#
    1188700).
  o drm/i915: Correct SFC_DONE register offset (git-fixes).
  o drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700).
  o drm/i915: Move hpd_pin setup to encoder init (bsc#1188700).
  o drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700).
  o drm/i915: Only access SFC_DONE when media domain is not fused off
    (git-fixes).
  o drm/meson: fix colour distortion from HDR set during vendor u-boot
    (git-fixes).
  o drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
  o drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs
    (git-fixes).
  o drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
  o drm/msm: Fix error return code in msm_drm_init() (git-fixes).
  o drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences
    (git-fixes).
  o drm/of: free the iterator object on failure (git-fixes).
  o drm/of: free the right object (git-fixes).
  o drm/panfrost: Fix missing clk_disable_unprepare() on error in
    panfrost_clk_init() (git-fixes).
  o drm/prime: fix comment on PRIME Helpers (git-fixes).
  o ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
    transaction handle (bsc#1189568).
  o ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
  o ext4: fix avefreec in find_group_orlov (bsc#1189566).
  o ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
  o ext4: fix potential htree corruption when growing large_dir directories
    (bsc#1189576).
  o ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
  o ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
  o ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
  o fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
  o firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes).
  o firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
    fw_load_sysfs_fallback (git-fixes).
  o fixup "rpm: support gz and zst compression methods" (bsc#1190358, bsc#
    1190428).
  o fpga: altera-freeze-bridge: Address warning about unused variable
    (git-fixes).
  o fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes).
  o fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes).
  o fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
  o fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
  o gpio: eic-sprd: break loop when getting NULL device resource (git-fixes).
  o gpio: tqmx86: really make IRQ optional (git-fixes).
  o i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
  o i2c: highlander: add IRQ check (git-fixes).
  o i2c: iop3xx: fix deferred probing (git-fixes).
  o i2c: mt65xx: fix IRQ check (git-fixes).
  o i2c: s3c2410: fix IRQ check (git-fixes).
  o iio: adc: Fix incorrect exit of for-loop (git-fixes).
  o iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
    (git-fixes).
  o iio: humidity: hdc100x: Add margin to the conversion time (git-fixes).
  o intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#
    1175543)
  o intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#
    1175543)
  o intel_idle: Annotate init time data structures (bsc#1175543)
  o intel_idle: Customize IceLake server support (bsc#1175543)
  o intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#
    1180347, bsc#1180141)
  o intel_idle: Fix max_cstate for processor models without C-state tables (bsc
    #1175543)
  o intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#
    1175543)
  o intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
  o intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#
    1175543)
  o iommu/amd: Fix extended features logging (bsc#1189213).
  o iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762).
  o iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210).
  o iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209).
  o iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
  o iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
  o iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#
    1189215).
  o iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216).
  o iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#
    1189217).
  o iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
  o iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219).
  o iommu/vt-d: Global devTLB flush when present context entry changed (bsc#
    1189220).
  o iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#
    1189221).
  o iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
  o ionic: add handling of larger descriptors (jsc#SLE-16649).
  o ionic: add new queue features to interface (jsc#SLE-16649).
  o ionic: aggregate Tx byte counting calls (jsc#SLE-16649).
  o ionic: block actions during fw reset (jsc#SLE-16649).
  o ionic: change mtu after queues are stopped (jsc#SLE-16649).
  o ionic: check for link after netdev registration (jsc#SLE-16649).
  o ionic: code cleanup details (jsc#SLE-16649).
  o ionic: fix sizeof usage (jsc#SLE-16649).
  o ionic: fix unchecked reference (jsc#SLE-16649).
  o ionic: fix up dim accounting for tx and rx (jsc#SLE-16649).
  o ionic: generic tx skb mapping (jsc#SLE-16649).
  o ionic: implement Rx page reuse (jsc#SLE-16649).
  o ionic: make all rx_mode work threadsafe (jsc#SLE-16649).
  o ionic: move rx_page_alloc and free (jsc#SLE-16649).
  o ionic: optimize fastpath struct usage (jsc#SLE-16649).
  o ionic: protect adminq from early destroy (jsc#SLE-16649).
  o ionic: rebuild debugfs on qcq swap (jsc#SLE-16649).
  o ionic: remove intr coalesce update from napi (jsc#SLE-16649).
  o ionic: remove some unnecessary oom messages (jsc#SLE-16649).
  o ionic: simplify TSO descriptor mapping (jsc#SLE-16649).
  o ionic: simplify rx skb alloc (jsc#SLE-16649).
  o ionic: simplify the intr_index use in txq_init (jsc#SLE-16649).
  o ionic: simplify tx clean (jsc#SLE-16649).
  o ionic: simplify use of completion types (jsc#SLE-16649).
  o ionic: start queues before announcing link up (jsc#SLE-16649).
  o ionic: stop watchdog when in broken state (jsc#SLE-16649).
  o ionic: useful names for booleans (jsc#SLE-16649).
  o iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes).
  o iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes).
  o iwlwifi: skip first element in the WTAS ACPI table (git-fixes).
  o kABI fix of usb_dcd_config_params (git-fixes).
  o kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
  o kabi fix for NFSv4.1: Do not rebind to the same source port when
    reconnecting to the server (bnc#1186264 bnc#1189021)
  o kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue
    (bsc#1168202 bsc#1188924).
  o kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
    (bsc#1189153).
  o kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#
    1189841).
  o leds: trigger: audio: Add an activate callback to ensure the initial
    brightness is set (git-fixes).
  o lib/mpi: use kcalloc in mpi_resize (git-fixes).
  o lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766).
  o libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
  o mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
  o md/raid10: properly indicate failure when ending a failed write request
    (git-fixes).
  o md: revert io stats accounting (git-fixes).
  o media: TDA1997x: enable EDID support (git-fixes).
  o media: cxd2880-spi: Fix an error handling path (git-fixes).
  o media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
  o media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
  o media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
  o media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
  o media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
  o media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
  o media: go7007: remove redundant initialization (git-fixes).
  o media: rtl28xxu: fix zero-length control request (git-fixes).
  o media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
  o media: venus: venc: Fix potential null pointer dereference on pointer fmt
    (git-fixes).
  o media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
  o media: zr364xx: fix memory leaks in probe() (git-fixes).
  o media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes).
  o misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes).
  o misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp()
    (git-fixes).
  o mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#
    1189569).
  o mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#
    1189301).
  o mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872).
  o mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#
    1187619).
  o mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
  o mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
  o mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
  o mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
  o mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711
    (git-fixes).
  o mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes).
  o nbd: Aovid double completion of a request (git-fixes).
  o nbd: Fix NULL pointer in flush_workqueue (git-fixes).
  o net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412)
  o net/mlx5: Properly convey driver version to firmware (git-fixes).
  o net/mlx5e: Add missing capability check for uplink follow (bsc#1188412)
  o net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
  o net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
    (git-fixes).
  o net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
  o net: usb: lan78xx: do not modify phy_device state concurrently (bsc#
    1188270)
  o nfs: fix acl memory leak of posix_acl_create() (git-fixes).
  o nvme-multipath: revalidate paths during rescan (bsc#1187211)
  o nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#
    1181972).
  o nvme-pci: fix NULL req in completion handler (bsc#1181972).
  o nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
  o nvme-pci: use unsigned for io queue depth (bsc#1181972).
  o nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
  o nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#
    1181972).
  o nvme: avoid possible double fetch in handling CQE (bsc#1181972).
  o nvme: code command_id with a genctr for use-after-free validation (bsc#
    1181972).
  o nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
  o nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
  o ocfs2: fix snprintf() checking (bsc#1189581).
  o ocfs2: fix zero out valid data (bsc#1189579).
  o ocfs2: initialize ip_next_orphan (bsc#1186731).
  o ocfs2: issue zeroout to EOF blocks (bsc#1189582).
  o ovl: allow upperdir inside lowerdir (bsc#1189323).
  o ovl: expand warning in ovl_d_real() (bsc#1189323).
  o ovl: fix missing revert_creds() on error path (bsc#1189323).
  o ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
  o ovl: skip getxattr of security labels (bsc#1189323).
  o params: lift param_set_uint_minmax to common code (bsc#1181972).
  o pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
  o perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest
    (bsc#1189225).
  o pinctrl: tigerlake: Fix GPIO mapping for newer version of software
    (git-fixes).
  o platform/x86: pcengines-apuv2: Add missing terminating entries to
    gpio-lookup tables (git-fixes).
  o post.sh: detect /usr mountpoint too
  o power: supply: max17042: handle fails of reading status register
    (git-fixes).
  o powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#
    SLE-13615 bsc#1180100 ltc#190257 git-fixes).
  o powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#
    SLE-13615 bsc#1180100 ltc#190257 git-fixes).
  o powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615
    bsc#1180100 ltc#190257 git-fixes).
  o powerpc/cacheinfo: Use name@unit instead of full DT path in debug messages
    (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
  o powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable
    (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
  o powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#
    1189197 ltc#193906).
  o powerpc/pseries: Fix regression while building external modules (bsc#
    1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol
    which is kABI change but not kABI break.
  o powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885
    ltc#193722 git-fixes).
  o powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257
    git-fixes).
  o powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings
    (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
  o powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702
    git-fixes).
  o regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes).
  o regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes).
  o regulator: vctrl: Use locked regulator_get_voltage in probe path
    (git-fixes).
  o rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to
    use kmod with ZSTD support on non-Tumbleweed.
  o rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
  o rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since
    0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length
    check. Based on Martin Liska's change.
  o rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
  o rsi: fix an error code in rsi_probe() (git-fixes).
  o rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
  o s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#
    193817).
  o s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
  o scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#
    SLE-18970).
  o scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970).
  o scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
  o scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
  o scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
  o scsi: libfc: Fix array index out of bound exception (bsc#1188616).
  o scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
  o scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#
    1189385).
  o scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC
    completions (bsc#1189385).
  o scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc
    #1189385).
  o scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385).
  o scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385).
  o scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC
    completes (bsc#1189385).
  o scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385).
  o scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385).
  o scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#
    1189385).
  o scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#
    1189385).
  o scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385).
  o scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
  o scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
  o scsi: lpfc: Fix function description comments for vmid routines (bsc#
    1189385).
  o scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR
    request (bsc#1189385).
  o scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#
    1189385).
  o scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#
    1189385).
  o scsi: lpfc: Improve firmware download logging (bsc#1189385).
  o scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS
    handling (bsc#1189385).
  o scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash
    (git-fixes).
  o scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#
    1189385).
  o scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385).
  o scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385).
  o scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385).
  o scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#
    1189385).
  o scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385).
  o scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc
    #1189385).
  o scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
  o scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
  o scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#
    1189385).
  o scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc
    #1189385).
  o scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#
    1189385 jsc#SLE-18970).
  o scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#
    1189385 jsc#SLE-18970).
  o scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#
    SLE-18970).
  o scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385
    jsc#SLE-18970).
  o scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
  o scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#
    SLE-18970).
  o scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#
    SLE-18970).
  o scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
  o scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#
    SLE-18970).
  o scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#
    SLE-18970).
  o scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
  o scsi: qla2xxx: Add heartbeat check (bsc#1189392).
  o scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#
    1189392).
  o scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392).
  o scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
  o scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#
    1189392).
  o scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
  o scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392).
  o scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#
    1189392).
  o scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#
    1189392).
  o scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
  o scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
  o scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail()
    (bsc#1189392).
  o scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#
    1189392).
  o scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392).
  o scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392).
  o scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392).
  o scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
  o scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#
    1189392).
  o scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392).
  o scsi: qla2xxx: edif: Add key update (bsc#1189392).
  o scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#
    1189392).
  o scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
  o scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392).
  o scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#
    1184180).
  o scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392).
  o scsi: zfcp: Report port fc_security as unknown early during remote cable
    pull (git-fixes).
  o serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
  o serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes).
  o serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes).
  o serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
    (git-fixes).
  o serial: tegra: Only print FIFO error message when an error occurs
    (git-fixes).
  o slimbus: messaging: check for valid transaction id (git-fixes).
  o slimbus: messaging: start transaction ids from 1 instead of zero
    (git-fixes).
  o slimbus: ngd: reset dma setup during runtime pm (git-fixes).
  o soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
  o soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
  o soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
  o soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
  o soc: ixp4xx: fix printing resources (git-fixes).
  o soc: ixp4xx: fix printing resources (git-fixes).
  o soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
  o soc: qcom: smsm: Fix missed interrupts if state changes while masked
    (git-fixes).
  o spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
  o spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
    (git-fixes).
  o spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes).
  o spi: mediatek: Fix fifo transfer (git-fixes).
  o spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes).
  o spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
    (git-fixes).
  o spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
  o spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
  o spi: stm32h7: fix full duplex irq handler handling (git-fixes).
  o staging: rtl8192u: Fix bitwise vs logical operator in
    TranslateRxSignalStuff819xUsb() (git-fixes).
  o staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
  o staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
  o staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
  o tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event
    name (git-fixes).
  o tracing / histogram: Give calculation hist_fields a size (git-fixes).
  o tracing: Reject string operand in the histogram expression (git-fixes).
  o tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
  o ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
  o ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
  o ubifs: Only check replay with inode type to judge if inode linked (bsc#
    1187455).
  o ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587).
  o ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#
    1189586).
  o usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA
    config is available (git-fixes).
  o usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
  o usb: dwc3: Separate field holding multiple properties (git-fixes).
  o usb: dwc3: Stop active transfers before halting the controller (git-fixes).
  o usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
  o usb: dwc3: Use devres to get clocks (git-fixes).
  o usb: dwc3: core: do not do suspend for device mode if already suspended
    (git-fixes).
  o usb: dwc3: debug: Remove newline printout (git-fixes).
  o usb: dwc3: gadget: Check MPS of the request length (git-fixes).
  o usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
  o usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable
    (git-fixes).
  o usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes).
  o usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
  o usb: dwc3: gadget: Do not setup more than requested (git-fixes).
  o usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
  o usb: dwc3: gadget: Fix handling ZLP (git-fixes).
  o usb: dwc3: gadget: Give back staled requests (git-fixes).
  o usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
  o usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes).
  o usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
  o usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes).
  o usb: dwc3: gadget: Set BESL config parameter (git-fixes).
  o usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
  o usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
  o usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
  o usb: dwc3: meson-g12a: add IRQ check (git-fixes).
  o usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init
    (git-fixes).
  o usb: dwc3: of-simple: add a shutdown (git-fixes).
  o usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
  o usb: dwc3: st: Add of_node_put() before return in probe function
    (git-fixes).
  o usb: dwc3: support continuous runtime PM with dual role (git-fixes).
  o usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
    (git-fixes).
  o usb: gadget: Export recommended BESL values (git-fixes).
  o usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes).
  o usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
  o usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes).
  o usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
  o usb: gadget: udc: at91: add IRQ check (git-fixes).
  o usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
  o usb: host: ohci-tmio: add IRQ check (git-fixes).
  o usb: host: xhci-rcar: Do not reload firmware after the completion
    (git-fixes).
  o usb: mtu3: fix the wrong HS mult value (git-fixes).
  o usb: mtu3: use @mult for HS isoc or intr (git-fixes).
  o usb: phy: fsl-usb: add IRQ check (git-fixes).
  o usb: phy: tahvo: add IRQ check (git-fixes).
  o usb: phy: twl6030: add IRQ checks (git-fixes).
  o usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#
    SLE-18766).
  o virt_wifi: fix error on connect (git-fixes).
  o wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
  o wireguard: allowedips: free empty intermediate nodes when removing single
    node (git-fixes).
  o wireguard: allowedips: remove nodes in O(1) (git-fixes).
  o writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
  o x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
  o x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489).
  o x86/fpu: Reset state for all signal restore failures (bsc#1152489).
  o x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
  o x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337).
  o x86/sev: Split up runtime #VC handler for correct state tracking (jsc#
    SLE-14337).
  o x86/sev: Use "SEV: " prefix for messages from sev.c (jsc#SLE-14337).
  o x86/signal: Detect and prevent an alternate signal stack overflow (bsc#
    1152489).
  o x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959).
  o xen/events: Fix race in set_evtchn_to_irq (git-fixes).
  o xprtrdma: Pad optimization, revisited (bsc#1189760).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE MicroOS 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2021-3205=1

Package List:

  o SUSE MicroOS 5.1 (aarch64 s390x x86_64):
       kernel-default-5.3.18-59.24.1
       kernel-default-base-5.3.18-59.24.1.18.12.1
       kernel-default-debuginfo-5.3.18-59.24.1
       kernel-default-debugsource-5.3.18-59.24.1


References:

  o https://www.suse.com/security/cve/CVE-2020-12770.html
  o https://www.suse.com/security/cve/CVE-2021-34556.html
  o https://www.suse.com/security/cve/CVE-2021-35477.html
  o https://www.suse.com/security/cve/CVE-2021-3640.html
  o https://www.suse.com/security/cve/CVE-2021-3653.html
  o https://www.suse.com/security/cve/CVE-2021-3656.html
  o https://www.suse.com/security/cve/CVE-2021-3679.html
  o https://www.suse.com/security/cve/CVE-2021-3732.html
  o https://www.suse.com/security/cve/CVE-2021-3739.html
  o https://www.suse.com/security/cve/CVE-2021-3743.html
  o https://www.suse.com/security/cve/CVE-2021-3753.html
  o https://www.suse.com/security/cve/CVE-2021-3759.html
  o https://www.suse.com/security/cve/CVE-2021-38160.html
  o https://www.suse.com/security/cve/CVE-2021-38166.html
  o https://www.suse.com/security/cve/CVE-2021-38198.html
  o https://www.suse.com/security/cve/CVE-2021-38204.html
  o https://www.suse.com/security/cve/CVE-2021-38205.html
  o https://www.suse.com/security/cve/CVE-2021-38206.html
  o https://www.suse.com/security/cve/CVE-2021-38207.html
  o https://www.suse.com/security/cve/CVE-2021-38209.html
  o https://bugzilla.suse.com/1040364
  o https://bugzilla.suse.com/1127650
  o https://bugzilla.suse.com/1135481
  o https://bugzilla.suse.com/1152489
  o https://bugzilla.suse.com/1160010
  o https://bugzilla.suse.com/1168202
  o https://bugzilla.suse.com/1171420
  o https://bugzilla.suse.com/1174969
  o https://bugzilla.suse.com/1175052
  o https://bugzilla.suse.com/1175543
  o https://bugzilla.suse.com/1177399
  o https://bugzilla.suse.com/1180100
  o https://bugzilla.suse.com/1180141
  o https://bugzilla.suse.com/1180347
  o https://bugzilla.suse.com/1181006
  o https://bugzilla.suse.com/1181148
  o https://bugzilla.suse.com/1181972
  o https://bugzilla.suse.com/1184180
  o https://bugzilla.suse.com/1185902
  o https://bugzilla.suse.com/1186264
  o https://bugzilla.suse.com/1186731
  o https://bugzilla.suse.com/1187211
  o https://bugzilla.suse.com/1187455
  o https://bugzilla.suse.com/1187468
  o https://bugzilla.suse.com/1187483
  o https://bugzilla.suse.com/1187619
  o https://bugzilla.suse.com/1187959
  o https://bugzilla.suse.com/1188067
  o https://bugzilla.suse.com/1188172
  o https://bugzilla.suse.com/1188231
  o https://bugzilla.suse.com/1188270
  o https://bugzilla.suse.com/1188412
  o https://bugzilla.suse.com/1188418
  o https://bugzilla.suse.com/1188616
  o https://bugzilla.suse.com/1188700
  o https://bugzilla.suse.com/1188780
  o https://bugzilla.suse.com/1188781
  o https://bugzilla.suse.com/1188782
  o https://bugzilla.suse.com/1188783
  o https://bugzilla.suse.com/1188784
  o https://bugzilla.suse.com/1188786
  o https://bugzilla.suse.com/1188787
  o https://bugzilla.suse.com/1188788
  o https://bugzilla.suse.com/1188790
  o https://bugzilla.suse.com/1188878
  o https://bugzilla.suse.com/1188885
  o https://bugzilla.suse.com/1188924
  o https://bugzilla.suse.com/1188982
  o https://bugzilla.suse.com/1188983
  o https://bugzilla.suse.com/1188985
  o https://bugzilla.suse.com/1189021
  o https://bugzilla.suse.com/1189057
  o https://bugzilla.suse.com/1189077
  o https://bugzilla.suse.com/1189153
  o https://bugzilla.suse.com/1189197
  o https://bugzilla.suse.com/1189209
  o https://bugzilla.suse.com/1189210
  o https://bugzilla.suse.com/1189212
  o https://bugzilla.suse.com/1189213
  o https://bugzilla.suse.com/1189214
  o https://bugzilla.suse.com/1189215
  o https://bugzilla.suse.com/1189216
  o https://bugzilla.suse.com/1189217
  o https://bugzilla.suse.com/1189218
  o https://bugzilla.suse.com/1189219
  o https://bugzilla.suse.com/1189220
  o https://bugzilla.suse.com/1189221
  o https://bugzilla.suse.com/1189222
  o https://bugzilla.suse.com/1189225
  o https://bugzilla.suse.com/1189229
  o https://bugzilla.suse.com/1189233
  o https://bugzilla.suse.com/1189262
  o https://bugzilla.suse.com/1189291
  o https://bugzilla.suse.com/1189292
  o https://bugzilla.suse.com/1189296
  o https://bugzilla.suse.com/1189298
  o https://bugzilla.suse.com/1189301
  o https://bugzilla.suse.com/1189305
  o https://bugzilla.suse.com/1189323
  o https://bugzilla.suse.com/1189384
  o https://bugzilla.suse.com/1189385
  o https://bugzilla.suse.com/1189392
  o https://bugzilla.suse.com/1189393
  o https://bugzilla.suse.com/1189399
  o https://bugzilla.suse.com/1189400
  o https://bugzilla.suse.com/1189427
  o https://bugzilla.suse.com/1189503
  o https://bugzilla.suse.com/1189504
  o https://bugzilla.suse.com/1189505
  o https://bugzilla.suse.com/1189506
  o https://bugzilla.suse.com/1189507
  o https://bugzilla.suse.com/1189562
  o https://bugzilla.suse.com/1189563
  o https://bugzilla.suse.com/1189564
  o https://bugzilla.suse.com/1189565
  o https://bugzilla.suse.com/1189566
  o https://bugzilla.suse.com/1189567
  o https://bugzilla.suse.com/1189568
  o https://bugzilla.suse.com/1189569
  o https://bugzilla.suse.com/1189573
  o https://bugzilla.suse.com/1189574
  o https://bugzilla.suse.com/1189575
  o https://bugzilla.suse.com/1189576
  o https://bugzilla.suse.com/1189577
  o https://bugzilla.suse.com/1189579
  o https://bugzilla.suse.com/1189581
  o https://bugzilla.suse.com/1189582
  o https://bugzilla.suse.com/1189583
  o https://bugzilla.suse.com/1189585
  o https://bugzilla.suse.com/1189586
  o https://bugzilla.suse.com/1189587
  o https://bugzilla.suse.com/1189706
  o https://bugzilla.suse.com/1189760
  o https://bugzilla.suse.com/1189762
  o https://bugzilla.suse.com/1189832
  o https://bugzilla.suse.com/1189841
  o https://bugzilla.suse.com/1189870
  o https://bugzilla.suse.com/1189872
  o https://bugzilla.suse.com/1189883
  o https://bugzilla.suse.com/1190022
  o https://bugzilla.suse.com/1190025
  o https://bugzilla.suse.com/1190115
  o https://bugzilla.suse.com/1190117
  o https://bugzilla.suse.com/1190412
  o https://bugzilla.suse.com/1190413
  o https://bugzilla.suse.com/1190428

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYWdnY+NLKJtyKPYoAQgOPw//fYHvzKSUOdeYbOCQftHGaSaxmBlzaCOq
7h7UVTWKGj8tlgx+VlCnCa5epEOq9C2WQnamOMLdhMZWzWBGWtX+/sJ12CYfizvm
FEF6+08/382Qtf74U5ONRuVbn8UoA58C7ZzlNOVwdQCF6LhMtzkf7pW92YdOYDjj
81W9nbyFk0LcM3nzoYLPk4jzsITlyiMt22xLTPUgAEr8MLbd9GKrwSf6lwC+h6ZW
eD3WDQjSjapgUoWqxRMsG9fWQiJ76+7h3IZPqBXDkrPePs0J+Nc2Jz84GtuOeItM
ntgk50tSm8vk23ImTK+6Guc8NPD9qpzQNaWFf3IPyqvVR3QmxNLQpisyjVsnnVZo
KMyc7Ot37G8Uwhw83XZVtHpk1CaIXwFeiQqjPvOSLPAXMoh1RnHSB/VrKOF2VSmS
KpqnBnHt/YyLrFxu05m3oFrtGmE2UUe2ZbBAS2javZi2ft1LDRHCt/+bc47nlVBs
lxuBIYwz35JTlYZWLF1UBRmXHhygcOTSzRafrVdIws3BSoKMb1YtPmsBoSTW9/hu
JSq02mnrw9p3dcmJExMrCQdU+jwE1cimUOUdKxZZu3FEqxn0AbZS9GhvFOmG36BW
qqUrr3E/gdMHRcyGeYG5IDG9kdAES92uXjzkdAsrnmseYsjsH7D+6BVFBnlR90+l
lE2I6xj0jVk=
=KT0V
-----END PGP SIGNATURE-----