Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2022.4007
Security update for the Linux Kernel
12 August 2022
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2022-32250 CVE-2022-29581 CVE-2022-21505
CVE-2022-1462 CVE-2021-33655
Original Bulletin:
https://www.suse.com/support/update/announcement/2022/suse-su-20222722-1
Comment: CVSS (Max): 7.8 CVE-2022-32250 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2722-1
Rating: important
References: #1190256 #1190497 #1198410 #1198829 #1199086 #1199291
#1199364 #1199665 #1199670 #1200015 #1200465 #1200494
#1200644 #1200651 #1201258 #1201323 #1201381 #1201391
#1201427 #1201458 #1201471 #1201524 #1201592 #1201593
#1201595 #1201596 #1201635 #1201651 #1201675 #1201691
#1201705 #1201725 #1201846 #1201930 #1201954 #1201958
Cross-References: CVE-2021-33655 CVE-2022-1462 CVE-2022-21505 CVE-2022-29581
CVE-2022-32250
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 5 vulnerabilities, contains 9 features and has 31 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
o CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
(bnc#1201635).
o CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem
(bnc#1198829).
o CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
o CVE-2022-29581: Fixed improper update of Reference Count in net/sched that
could cause root privilege escalation (bnc#1199665).
o CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem.
This flaw allowed a local attacker with user access to cause a privilege
escalation issue (bnc#1200015, bnc#1200494).
The following non-security bugs were fixed:
o 9p: Fix refcounting during full path walks for fid lookups (git-fixes).
o 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
o 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
o ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
o ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes).
o ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
o ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
(git-fixes).
o ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
o ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
(git-fixes).
o ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
(git-fixes).
o ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
o ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
o ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
o ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes).
o ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
o ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
(git-fixes).
o ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes).
o ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of
idle (git-fixes).
o ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes).
o ARM: 9213/1: Print message about disabled Spectre workarounds only once
(git-fixes).
o ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
(git-fixes).
o ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
o ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
o ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
o ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
(git-fixes).
o ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes).
o ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
(git-fixes).
o ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
(git-fixes).
o ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem
(git-fixes).
o ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes).
o ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove
(git-fixes).
o ASoC: Remove unused hw_write_t type (git-fixes).
o ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes).
o ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe
(git-fixes).
o ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect
(git-fixes).
o ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
o ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes).
o ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
o ASoC: madera: Fix event generation for rate controls (git-fixes).
o ASoC: ops: Fix off by one in range control validation (git-fixes).
o ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend
(git-fixes).
o ASoC: rt5682: Fix deadlock on resume (git-fixes).
o ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes).
o ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes).
o ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes).
o ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
o ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes).
o ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver
(git-fixes).
o ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error
(git-fixes).
o ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes).
o ASoC: rt711: fix calibrate mutex initialization (git-fixes).
o ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
o ASoC: tas2764: Add post reset delays (git-fixes).
o ASoC: tas2764: Correct playback volume range (git-fixes).
o ASoC: tas2764: Fix amp gain register offset & default (git-fixes).
o ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes).
o ASoC: wcd938x: Fix event generation for some controls (git-fixes).
o ASoC: wm5110: Fix DRE control (git-fixes).
o Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
o Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
o Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
o Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
o Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
(git-fixes).
o Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
o Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
(git-fixes).
o Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes).
o Documentation: add description for net.core.gro_normal_batch (git-fixes).
o Documentation: add description for net.sctp.ecn_enable (git-fixes).
o Documentation: add description for net.sctp.intl_enable (git-fixes).
o Documentation: add description for net.sctp.reconf_enable (git-fixes).
o Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes).
o Documentation: move watch_queue to core-api (git-fixes).
o Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes).
o Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256).
o KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#
1201930).
o KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
(git-fixes).
o KVM: selftests: Silence compiler warning in the kvm_page_table_test
(git-fixes).
o NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
o VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
o VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#
SLE-24635).
o VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#
1199291, jsc#SLE-24635).
o VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#
SLE-24635).
o VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
o VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#
SLE-24635).
o VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#
SLE-24635).
o VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#
1199291, jsc#SLE-24635).
o VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
o VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291,
jsc#SLE-24635).
o VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
o VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#
1199291, jsc#SLE-24635).
o XArray: Update the LRU list in xas_split() (git-fixes).
o arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
o arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682).
o arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
o arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes).
o arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
o arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes).
o arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
o arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer
(git-fixes)
o arm_pmu: Validate single/group leader events (git-fixes).
o asm-generic: remove a broken and needless ifdef conditional (git-fixes).
o batman-adv: Use netif_rx() (git-fixes).
o bcmgenet: add WOL IRQ check (git-fixes).
o be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323).
o bitfield.h: Fix "type of reg too small for mask" test (git-fixes).
o blk-mq: add one API for waiting until quiesce is done (bsc#1201651).
o blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651).
o blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651).
o can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes).
o can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes).
o can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
o can: m_can: m_can_chip_config(): actually enable internal timestamping
(git-fixes).
o can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling
for mcp2517fd (git-fixes).
o can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC
on TBC register (git-fixes).
o can: rcar_canfd: add __maybe_unused annotation to silence warning
(git-fixes).
o ceph: fix up non-directory creation in SGID directories (bsc#1201595).
o cifs: fix reconnect on smb3 mount types (bsc#1201427).
o configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
o cpufreq: mediatek: Unregister platform device on exit (git-fixes).
o cpufreq: mediatek: Use module_init and add module_exit (git-fixes).
o cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
o cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
o crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
o crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682).
o crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
o crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682).
o crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682).
o crypto: octeontx2 - add synchronization between mailbox accesses (jsc#
SLE-24682).
o crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
o crypto: octeontx2 - increase CPT HW instruction queue length (jsc#
SLE-24682).
o crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete
() (jsc#SLE-24682).
o crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682).
o crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
o crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682).
o crypto: qat - fix memory leak in RSA (git-fixes).
o crypto: qat - remove dma_free_coherent() for DH (git-fixes).
o crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
o crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
o crypto: qat - set to zero DH parameters before free (git-fixes).
o crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#
1201258).
o device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
o device property: Check fwnode->secondary when finding properties
(git-fixes).
o dm: do not stop request queue after the dm device is suspended (bsc#
1201651).
o dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
(git-fixes).
o dma-debug: make things less spammy under memory pressure (git-fixes).
o dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
(git-fixes).
o dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
o dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
(git-fixes).
o dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
o dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
o dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
(git-fixes).
o dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
o docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
o docs: net: dsa: add more info about the other arguments to get_tag_protocol
(git-fixes).
o docs: net: dsa: delete port_mdb_dump (git-fixes).
o docs: net: dsa: document change_tag_protocol (git-fixes).
o docs: net: dsa: document port_fast_age (git-fixes).
o docs: net: dsa: document port_setup and port_teardown (git-fixes).
o docs: net: dsa: document the shutdown behavior (git-fixes).
o docs: net: dsa: document the teardown method (git-fixes).
o docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes).
o docs: net: dsa: remove port_vlan_dump (git-fixes).
o docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes).
o docs: net: dsa: update probing documentation (git-fixes).
o dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes).
o dpaa2-eth: destroy workqueue at the end of remove function (git-fixes).
o dpaa2-eth: unregister the netdev before disconnecting from the PHY
(git-fixes).
o drbd: fix potential silent data corruption (git-fixes).
o drivers: net: smc911x: Check for error irq (git-fixes).
o drm/amd/display: Fix by adding FPU protection for
dcn30_internal_validate_bw (git-fixes).
o drm/amd/display: Ignore First MST Sideband Message Return Error
(git-fixes).
o drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines
(git-fixes).
o drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
o drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
o drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
o drm/i915/dg2: Add Wa_22011100796 (git-fixes).
o drm/i915/gt: Serialize GRDOM access between multiple engine resets
(git-fixes).
o drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
o drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist()
(git-fixes).
o drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
o drm/i915/uc: correctly track uc_fw init failure (git-fixes).
o drm/i915: Fix a race between vma / object destruction and unbinding
(git-fixes).
o drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
o drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
(git-fixes).
o drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes).
o drm/mediatek: Detect CMDQ execution timeout (git-fixes).
o drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes).
o drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes).
o drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
o drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
o drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
o dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes).
o dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
o dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
(git-fixes).
o dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
(git-fixes).
o e1000e: Enable GPT clock before sending message to CSME (git-fixes).
o efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
o erofs: fix deadlock when shrink erofs slab (git-fixes).
o ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
o ethtool: Fix get module eeprom fallback (bsc#1201323).
o exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
o exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#
1201725).
o exfat: Drop superfluous new line for error messages (bsc#1201725).
o exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
o exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725).
o exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
o exfat: fix referencing wrong parent directory information after renaming
(git-fixes).
o exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
(git-fixes).
o exfat: use updated exfat_chain directly during renaming (git-fixes).
o export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
o fat: add ratelimit to fat*_ent_bread() (git-fixes).
o fbcon: Disallow setting font bigger than screen size (git-fixes).
o fbcon: Prevent that screen size is smaller than font size (git-fixes).
o fbdev: fbmem: Fix logo center image dx issue (git-fixes).
o fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
o fix race between exit_itimers() and /proc/pid/timers (git-fixes).
o fjes: Check for error irq (git-fixes).
o fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes).
o fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes).
o fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
o fuse: make sure reclaim does not write the inode (bsc#1201592).
o gpio: gpio-xilinx: Fix integer overflow (git-fixes).
o gpio: pca953x: only use single read/write for No AI mode (git-fixes).
o gpio: pca953x: use the correct range when do regmap sync (git-fixes).
o gpio: pca953x: use the correct register address when regcache sync during
init (git-fixes).
o gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
o gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
o gve: Recording rx queue before sending to napi (git-fixes).
o hwmon: (occ) Prevent power cap command overwriting poll response
(git-fixes).
o hwmon: (occ) Remove sequence numbering and checksum calculation
(git-fixes).
o hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682).
o i2c: cadence: Change large transfer count reset logic to be unconditional
(git-fixes).
o i2c: cadence: Unregister the clk notifier in error path (git-fixes).
o i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes).
o i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes).
o i2c: smbus: Check for parent device before dereference (git-fixes).
o i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
o i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
o i2c: tegra: Add the ACPI support (jsc#SLE-24569)
o i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
o ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes).
o ice: Fix error with handling of bonding MTU (git-fixes).
o ice: Fix race condition during interface enslave (git-fixes).
o ice: stop disabling VFs due to PF error responses (git-fixes).
o ida: do not use BUG_ON() for debugging (git-fixes).
o ima: Fix a potential integer overflow in ima_appraise_measurement
(git-fixes).
o ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
o ima: force signature verification when CONFIG_KEXEC_SIG is configured
(git-fixes).
o inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
o iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
o iov_iter: fix build issue due to possible type mis-match (git-fixes).
o irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#
SLE-24682).
o irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes).
o irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
(git-fixes).
o ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
o kABI workaround for phy_device changes (git-fixes).
o kABI workaround for rtsx_usb (git-fixes).
o kABI workaround for snd-soc-rt5682-* (git-fixes).
o kABI: fix adding field to scsi_device (git-fixes).
o kABI: fix adding field to ufs_hba (git-fixes).
o kABI: fix change of iscsi_host_remove() arguments (bsc#1198410).
o kABI: fix removal of iscsi_destroy_conn (bsc#1198410).
o kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for
"i2c: smbus: Use device_*() functions instead of of_*()"
o kabi/severities: Exclude ppc kvm
o kabi/severities: add intel ice
o kabi/severities: add stmmac network driver local symbols
o kabi/severities: ignore dropped symbol rt5682_headset_detect
o kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/
kasan)).
o kernel-obs-build: include qemu_fw_cfg (boo#1201705)
o kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
o kselftest/vm: fix tests build with old libc (git-fixes).
o kselftest: Fix vdso_test_abi return status (git-fixes).
o kselftest: signal all child processes (git-fixes).
o kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
o kvm: selftests: do not use bitfields larger than 32-bits for PTEs
(git-fixes).
o l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
netdev_master_upper_dev_get_rcu (git-fixes).
o landlock: Add clang-format exceptions (git-fixes).
o landlock: Change landlock_add_rule(2) argument check ordering (git-fixes).
o landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
o landlock: Create find_rule() from unmask_layers() (git-fixes).
o landlock: Define access_mask_t to enforce a consistent access mask size
(git-fixes).
o landlock: Fix landlock_add_rule(2) documentation (git-fixes).
o landlock: Fix same-layer rule unions (git-fixes).
o landlock: Format with clang-format (git-fixes).
o landlock: Reduce the maximum number of layers to 16 (git-fixes).
o landlock: Use square brackets around "landlock-ruleset" (git-fixes).
o libceph: fix potential use-after-free on linger ping and resends (bsc#
1201596).
o lockdep: Correct lock_classes index mapping (git-fixes).
o locking/lockdep: Avoid potential access of invalid memory in lock_class
(git-fixes).
o locking/lockdep: Iterate lock_classes directly when reading lockdep files
(git-fixes).
o loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
o loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
o macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
o macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
o macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
o macsec: limit replay window size with XPN (git-fixes).
o md: bcache: check the return value of kzalloc() in detached_dev_do_request
() (git-fixes).
o memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/
pgalloc)).
o memregion: Fix memregion_free() fallback definition (git-fixes).
o minix: fix bug when opening a file with O_DIRECT (git-fixes).
o misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
(git-fixes).
o misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
o misc: rtsx_usb: use separate command and response buffers (git-fixes).
o mm/large system hash: avoid possible NULL deref in alloc_large_system_hash
(git fixes (mm/pgalloc)).
o mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/
secretmem)).
o mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/
vmalloc)).
o mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git
fixes (mm/vmalloc)).
o mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/
vmalloc)).
o mm: do not try to NUMA-migrate COW pages that have other uses (git fixes
(mm/numa)).
o mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)).
o mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes).
o mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
o natsemi: xtensa: fix section mismatch warnings (git-fixes).
o nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
o net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes).
o net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
(git-fixes).
o net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
o net: ag71xx: Fix a potential double free in error handling paths
(git-fixes).
o net: altera: set a couple error code in probe() (git-fixes).
o net: amd-xgbe: Fix skb data length underflow (git-fixes).
o net: amd-xgbe: disable interrupts during pci removal (git-fixes).
o net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes).
o net: annotate data-races on txq->xmit_lock_owner (git-fixes).
o net: axienet: Fix TX ring slot available check (git-fixes).
o net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
o net: axienet: add missing memory barriers (git-fixes).
o net: axienet: fix for TX busy handling (git-fixes).
o net: axienet: fix number of TX ring slots for available check (git-fixes).
o net: axienet: increase default TX ring size to 128 (git-fixes).
o net: axienet: increase reset timeout (git-fixes).
o net: axienet: limit minimum TX ring size (git-fixes).
o net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes).
o net: bcmgenet: Do not claim WOL when its not available (git-fixes).
o net: bcmgenet: skip invalid partial checksums (git-fixes).
o net: chelsio: cxgb3: check the return value of pci_find_capability()
(git-fixes).
o net: cpsw: Properly initialise struct page_pool_params (git-fixes).
o net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account
(git-fixes).
o net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes).
o net: dsa: ar9331: register the mdiobus under devres (git-fixes).
o net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes).
o net: dsa: be compatible with masters which unregister on shutdown
(git-fixes).
o net: dsa: felix: do not use devres for mdiobus (git-fixes).
o net: dsa: hellcreek: be compatible with masters which unregister on
shutdown (git-fixes).
o net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
o net: dsa: lan9303: fix reset on probe (git-fixes).
o net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes).
o net: dsa: microchip: ksz8863: be compatible with masters which unregister
on shutdown (git-fixes).
o net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate()
(git-fixes).
o net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding
(git-fixes).
o net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes).
o net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes).
o net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister
(git-fixes).
o net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN
(git-fixes).
o net: dsa: xrs700x: be compatible with masters which unregister on shutdown
(git-fixes).
o net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
o net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
(git-fixes).
o net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops
(git-fixes).
o net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes).
o net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
(git-fixes).
o net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
o net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
o net: ieee802154: hwsim: Ensure proper channel selection at probe time
(git-fixes).
o net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
o net: ipa: add an interconnect dependency (git-fixes).
o net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes).
o net: ipa: prevent concurrent replenish (git-fixes).
o net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes).
o net: ks8851: Check for error irq (git-fixes).
o net: lantiq_xrx200: fix statistics of received bytes (git-fixes).
o net: ll_temac: check the return value of devm_kmalloc() (git-fixes).
o net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
o net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes).
o net: macsec: Verify that send_sci is on when setting Tx sci explicitly
(git-fixes).
o net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes).
o net: marvell: prestera: Add missing of_node_put() in
prestera_switch_set_base_mac_addr (git-fixes).
o net: marvell: prestera: fix incorrect return of port_find (git-fixes).
o net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
o net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower
offload (git-fixes).
o net: mscc: ocelot: fix mutex lock error during ethtool stats read
(git-fixes).
o net: mscc: ocelot: fix using match before it is set (git-fixes).
o net: mv643xx_eth: process retval from of_get_mac_address (git-fixes).
o net: mvpp2: fix XDP rx queues registering (git-fixes).
o net: phy: Do not trigger state machine while in suspend (git-fixes).
o net: phylink: Force link down and retrigger resolve on interface change
(git-fixes).
o net: phylink: Force retrigger in case of latched link-fail indicator
(git-fixes).
o net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
o net: sfp: fix high power modules without diagnostic monitoring (git-fixes).
o net: sfp: ignore disabled SFP node (git-fixes).
o net: sparx5: Fix add vlan when invalid operation (git-fixes).
o net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
o net: stmmac: Add platform level debug register dump feature (git-fixes).
o net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support
(git-fixes).
o net: stmmac: configure PTP clock source prior to PTP initialization
(git-fixes).
o net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
o net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes).
o net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL
(git-fixes).
o net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode
(git-fixes).
o net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M
(git-fixes).
o net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected
speed request (git-fixes).
o net: stmmac: ensure PTP time register reads are consistent (git-fixes).
o net: stmmac: fix return value of __setup handler (git-fixes).
o net: stmmac: fix tc flower deletion for VLAN priority Rx steering
(git-fixes).
o net: stmmac: properly handle with runtime pm in stmmac_dvr_remove()
(git-fixes).
o net: stmmac: ptp: fix potentially overflowing expression (git-fixes).
o net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes).
o net: stmmac: skip only stmmac_ptp_register when resume from suspend
(git-fixes).
o net: sxgbe: fix return value of __setup handler (git-fixes).
o net: systemport: Add global locking for descriptor lifecycle (git-fixes).
o net: usb: Correct PHY handling of smsc95xx (git-fixes).
o net: usb: Correct reset handling of smsc95xx (git-fixes).
o net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
o net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
o netdevsim: do not overwrite read only ethtool parms (git-fixes).
o nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
o nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes).
o nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
o nilfs2: fix lockdep warnings in page operations for btree nodes
(git-fixes).
o nouveau/svm: Fix to migrate all requested pages (git-fixes).
o nvme-auth: retry command if DNR bit is not set (bsc#1201675).
o nvme: add APIs for stopping/starting admin queue (bsc#1201651).
o nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651).
o nvme: consider also host_iface when checking ip options (bsc#1199670).
o nvme: implement In-Band authentication (jsc#SLE-20183).
o nvme: kabi fixes for in-band authentication (bsc#1199086).
o nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is
reallocated (bsc#1201651).
o nvme: paring quiesce/unquiesce (bsc#1201651).
o nvme: prepare for pairing quiescing and unquiescing (bsc#1201651).
o nvme: wait until quiesce is done (bsc#1201651).
o nvmet-auth: expire authentication sessions (jsc#SLE-20183).
o nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
o octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes).
o octeontx2-af: Do not fixup all VF action entries (git-fixes).
o octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
o octeontx2-af: Fix some memory leaks in the error handling path of
'cgx_lmac_init()' (git-fixes).
o octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces
(git-fixes).
o octeontx2-pf: Forward error codes to VF (git-fixes).
o optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
o page_alloc: fix invalid watemark check on a negative value (git fixes (mm/
pgalloc)).
o perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
o perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute
(jsc#SLE-24578).
o perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578).
o perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#
SLE-24578).
o pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
o pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource()
(git-fixes).
o pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes).
o pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
(git-fixes).
o pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
o pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
o platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
o power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
(git-fixes).
o powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#
198761).
o powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#
1201846 ltc#198761).
o powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#
1200465 ltc#197256 jsc#SLE-18130).
o powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#
197256 jsc#SLE-18130).
o powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#
1200465 ltc#197256 jsc#SLE-18130).
o powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#
198761).
o ppp: ensure minimum packet size in ppp_write() (git-fixes).
o qede: validate non LSO skb length (git-fixes).
o r8152: fix a WOL issue (git-fixes).
o r8169: fix accessing unset transport header (git-fixes).
o random: document add_hwgenerator_randomness() with other input functions
(git-fixes).
o random: fix typo in comments (git-fixes).
o raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
o reset: Fix devm bulk optional exclusive control getter (git-fixes).
o rocker: fix a sleeping in atomic bug (git-fixes).
o rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
o rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
o samples/landlock: Add clang-format exceptions (git-fixes).
o samples/landlock: Fix path_list memory leak (git-fixes).
o samples/landlock: Format with clang-format (git-fixes).
o scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
o scripts/gdb: change kernel config dumping method (git-fixes).
o scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
o scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
o scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651).
o scsi: core: sd: Add silence_suspend flag to suppress some PM messages
(git-fixes).
o scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410).
o scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410).
o scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#
1198410).
o scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410).
o scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes).
o scsi: iscsi: Fix HW conn removal use after free (bsc#1198410).
o scsi: iscsi: Fix session removal on shutdown (bsc#1198410).
o scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410).
o scsi: lpfc: Fix mailbox command failure during driver initialization
(git-fixes).
o scsi: make sure that request queue queiesce and unquiesce balanced (bsc#
1201651).
o scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
o scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410).
o scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#
1201958).
o scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
o scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
o scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
o scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#
1201958).
o scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
o scsi: qla2xxx: Update manufacturer details (bsc#1201958).
o scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
o scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
o scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
o scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes).
o scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes).
o scsi: scsi_debug: Fix zone transition to full condition (git-fixes).
o scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select
() (git-fixes).
o scsi: sd: Fix potential NULL pointer dereference (git-fixes).
o scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes).
o scsi: ufs: Fix a deadlock in the error handler (git-fixes).
o scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes).
o scsi: ufs: Remove dead code (git-fixes).
o scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
o seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
o selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
o selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#
197256 jsc#SLE-18130).
o selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
o selftest/vm: verify mmap addr in mremap_test (git-fixes).
o selftest/vm: verify remap destination address in mremap_test (git-fixes).
o selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
o selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
o selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
o selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
o selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
(git-fixes).
o selftests/ftrace: make kprobe profile testcase description unique
(git-fixes).
o selftests/landlock: Add clang-format exceptions (git-fixes).
o selftests/landlock: Add tests for O_PATH (git-fixes).
o selftests/landlock: Add tests for unknown access rights (git-fixes).
o selftests/landlock: Extend access right tests to directories (git-fixes).
o selftests/landlock: Extend tests for minimal valid attribute size
(git-fixes).
o selftests/landlock: Format with clang-format (git-fixes).
o selftests/landlock: Fully test file rename with "remove" access
(git-fixes).
o selftests/landlock: Make tests build with old libc (git-fixes).
o selftests/landlock: Normalize array assignment (git-fixes).
o selftests/landlock: Test landlock_create_ruleset(2) argument check ordering
(git-fixes).
o selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
o selftests/memfd: remove unused variable (git-fixes).
o selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes).
o selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems
(git-fixes).
o selftests/net: so_txtime: usage(): fix documentation of default clock
(git-fixes).
o selftests/net: timestamping: Fix bind_phc check (git-fixes).
o selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
o selftests/powerpc/spectre_v2: Return skip code when miss_percent is high
(git-fixes).
o selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
o selftests/resctrl: Fix null pointer dereference on open failed (git-fixes).
o selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
o selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for
load/store (git-fixes).
o selftests/rseq: Fix ppc32 offsets by using long rather than off_t
(git-fixes).
o selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
(git-fixes).
o selftests/rseq: Fix warnings about #if checks of undefined tokens
(git-fixes).
o selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
o selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
o selftests/rseq: Introduce thread pointer getters (git-fixes).
o selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes).
o selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
o selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
o selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
(git-fixes).
o selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
o selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes).
o selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread
area (git-fixes).
o selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread
area (git-fixes).
o selftests/seccomp: Do not call read() on TTY from background pgrp
(git-fixes).
o selftests/seccomp: Fix seccomp failure by adding missing headers
(git-fixes).
o selftests/sgx: Treat CC as one argument (git-fixes).
o selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
o selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup
setting (git-fixes).
o selftests/x86: Add validity check and allow field splitting (git-fixes).
o selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
o selftests/zram: Adapt the situation that /dev/zram0 is being used
(git-fixes).
o selftests/zram: Skip max_comp_streams interface on newer kernel
(git-fixes).
o selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
o selftests: Fix IPv6 address bind tests (git-fixes).
o selftests: Fix raw socket bind tests with VRF (git-fixes).
o selftests: add ping test with ping_group_range tuned (git-fixes).
o selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644
(git-fixes).
o selftests: cgroup: Test open-time cgroup namespace usage for migration
checks (git-fixes).
o selftests: cgroup: Test open-time credential usage for migration checks
(git-fixes).
o selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
o selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
o selftests: forwarding: fix error message in learning_test (git-fixes).
o selftests: forwarding: fix flood_unicast_test when h2 supports
IFF_UNICAST_FLT (git-fixes).
o selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
(git-fixes).
o selftests: futex: Use variable MAKE instead of make (git-fixes).
o selftests: gpio: fix gpio compiling error (git-fixes).
o selftests: harness: avoid false negatives if test has no ASSERTs
(git-fixes).
o selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
o selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is
operational (git-fixes).
o selftests: mlxsw: resource_scale: Fix return value (git-fixes).
o selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
o selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
(git-fixes).
o selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
o selftests: mptcp: fix diag instability (git-fixes).
o selftests: mptcp: fix ipv6 routing setup (git-fixes).
o selftests: mptcp: more stable diag tests (git-fixes).
o selftests: net: Correct case name (git-fixes).
o selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
o selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
o selftests: net: tls: remove unused variable and code (git-fixes).
o selftests: net: udpgro_fwd.sh: explicitly checking the available ping
feature (git-fixes).
o selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
o selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
o selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh
(git-fixes).
o selftests: netfilter: disable rp_filter on router (git-fixes).
o selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
o selftests: nft_concat_range: add test for reload with no element add/del
(git-fixes).
o selftests: ocelot: tc_flower_chains: specify conform-exceed action for
policer (git-fixes).
o selftests: openat2: Add missing dependency in Makefile (git-fixes).
o selftests: openat2: Print also errno in failure messages (git-fixes).
o selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
o selftests: pmtu.sh: Kill nettest processes launched in subshell
(git-fixes).
o selftests: pmtu.sh: Kill tcpdump processes launched by subshell
(git-fixes).
o selftests: rtc: Increase test timeout so that all tests run (git-fixes).
o selftests: skip mincore.check_file_mmap when fs lacks needed support
(git-fixes).
o selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
o selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
o selftests: vm: fix clang build error multiple output files (git-fixes).
o selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
(git-fixes).
o serial: 8250: Fix PM usage_count for console handover (git-fixes).
o serial: 8250: fix return error code in serial8250_request_std_resource()
(git-fixes).
o serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
o serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
o serial: stm32: Clear prev values before setting RTS delays (git-fixes).
o smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
o soc: ixp4xx/npe: Fix unused match warning (git-fixes).
o spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
o spi: amd: Limit max transfer and message size (git-fixes).
o spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA
transfers (git-fixes).
o spi: tegra210-quad: add acpi support (jsc#SLE-24570)
o spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
o spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
o spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
o spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
o supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183)
o supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#
SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
o supported.conf: rvu_mbox as supported (jsc#SLE-24682)
o sysctl: Fix data races in proc_dointvec() (git-fixes).
o sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
o sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
o sysctl: Fix data races in proc_douintvec() (git-fixes).
o sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
o sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
o sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
o sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
o tee: fix put order in teedev_close_context() (git-fixes).
o tee: optee: do not check memref size on return from Secure World
(git-fixes).
o tee: tee_get_drvdata(): fix description of return value (git-fixes).
o testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
(git-fixes).
o testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
o testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
o tests: fix idmapped mount_setattr test (git-fixes).
o tools include UAPI: Sync sound/asound.h copy with the kernel sources
(git-fixes).
o tools/nolibc: fix incorrect truncation of exit code (git-fixes).
o tools/nolibc: i386: fix initial stack alignment (git-fixes).
o tools/nolibc: x86-64: Fix startup code bug (git-fixes).
o tools/testing/scatterlist: add missing defines (git-fixes).
o tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
o tty: n_gsm: Save dlci address open status when config requester
(git-fixes).
o tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
o tty: n_gsm: fix decoupled mux resource (git-fixes).
o tty: n_gsm: fix encoding of command/response bit (git-fixes).
o tty: n_gsm: fix frame reception handling (git-fixes).
o tty: n_gsm: fix incorrect UA handling (git-fixes).
o tty: n_gsm: fix insufficient txframe size (git-fixes).
o tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
o tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
o tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
o tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
o tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes).
o tty: n_gsm: fix missing update of modem controls after DLCI open
(git-fixes).
o tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
o tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
o tty: n_gsm: fix reset fifo race condition (git-fixes).
o tty: n_gsm: fix restart handling via CLD command (git-fixes).
o tty: n_gsm: fix software flow control handling (git-fixes).
o tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output()
(git-fixes).
o tty: n_gsm: fix wrong DLCI release order (git-fixes).
o tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
o tty: n_gsm: fix wrong command retry handling (git-fixes).
o tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
(git-fixes).
o tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
o tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
o tun: avoid double free in tun_free_netdev (git-fixes).
o tun: fix bonding active backup with arp monitoring (git-fixes).
o tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
(git-fixes).
o tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
o uaccess: fix type mismatch warnings from access_ok() (git-fixes).
o ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
o ucounts: Fix rlimit max values check (git-fixes).
o ucounts: Fix systemd LimitNPROC with private users regression (git-fixes).
o ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
o ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
o udmabuf: add back sanity check (git-fixes).
o usb: dwc3: gadget: Fix event pending check (git-fixes).
o usb: serial: ftdi_sio: add Belimo device ids (git-fixes).
o usb: typec: add missing uevent when partner support PD (git-fixes).
o usbnet: Run unregister_netdev() before unbind() again (git-fixes).
o usbnet: fix memory leak in error case (git-fixes).
o userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
o veth: Do not record rx queue hint in veth_xmit (git-fixes).
o veth: ensure skb entering GRO are not cloned (git-fixes).
o video: of_display_timing.h: include errno.h (git-fixes).
o virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
o virtio_mmio: Restore guest page size on resume (git-fixes).
o vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
(git-fixes).
o vsock/virtio: enable VQs early on probe (git-fixes).
o vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
o vsock/virtio: read the negotiated features before using VQs (git-fixes).
o vsock: remove vsock from connected table when connect is interrupted by a
signal (git-fixes).
o vt: fix memory overlapping when deleting chars in the buffer (git-fixes).
o watch-queue: remove spurious double semicolon (git-fixes).
o watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
o watch_queue: Fix missing rcu annotation (git-fixes).
o watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
o watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes).
o wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
o wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes).
o wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
o x86/bugs: Remove apostrophe typo (bsc#1190497).
o x86/entry: Remove skip_r11rcx (bsc#1201524).
o x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471).
o xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
(bsc#1201381).
o xhci: Set HCD flag to defer primary roothub registration (git-fixes).
o xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
o xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
o xhci: dbc: refactor xhci_dbc_init() (git-fixes).
o xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
(git-fixes).
o xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
o zonefs: Clear inode information flags on inode creation (git-fixes).
o zonefs: Fix management of open zones (git-fixes).
o zonefs: add MODULE_ALIAS_FS (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2722=1
o SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2722=1
Package List:
o openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-azure-5.14.21-150400.14.10.1
cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.10.1
dlm-kmp-azure-5.14.21-150400.14.10.1
dlm-kmp-azure-debuginfo-5.14.21-150400.14.10.1
gfs2-kmp-azure-5.14.21-150400.14.10.1
gfs2-kmp-azure-debuginfo-5.14.21-150400.14.10.1
kernel-azure-5.14.21-150400.14.10.1
kernel-azure-debuginfo-5.14.21-150400.14.10.1
kernel-azure-debugsource-5.14.21-150400.14.10.1
kernel-azure-devel-5.14.21-150400.14.10.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.10.1
kernel-azure-extra-5.14.21-150400.14.10.1
kernel-azure-extra-debuginfo-5.14.21-150400.14.10.1
kernel-azure-livepatch-devel-5.14.21-150400.14.10.1
kernel-azure-optional-5.14.21-150400.14.10.1
kernel-azure-optional-debuginfo-5.14.21-150400.14.10.1
kernel-syms-azure-5.14.21-150400.14.10.1
kselftests-kmp-azure-5.14.21-150400.14.10.1
kselftests-kmp-azure-debuginfo-5.14.21-150400.14.10.1
ocfs2-kmp-azure-5.14.21-150400.14.10.1
ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.10.1
reiserfs-kmp-azure-5.14.21-150400.14.10.1
reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.10.1
o openSUSE Leap 15.4 (noarch):
kernel-devel-azure-5.14.21-150400.14.10.1
kernel-source-azure-5.14.21-150400.14.10.1
o SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):
kernel-azure-5.14.21-150400.14.10.1
kernel-azure-debuginfo-5.14.21-150400.14.10.1
kernel-azure-debugsource-5.14.21-150400.14.10.1
kernel-azure-devel-5.14.21-150400.14.10.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.10.1
kernel-syms-azure-5.14.21-150400.14.10.1
o SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
kernel-devel-azure-5.14.21-150400.14.10.1
kernel-source-azure-5.14.21-150400.14.10.1
References:
o https://www.suse.com/security/cve/CVE-2021-33655.html
o https://www.suse.com/security/cve/CVE-2022-1462.html
o https://www.suse.com/security/cve/CVE-2022-21505.html
o https://www.suse.com/security/cve/CVE-2022-29581.html
o https://www.suse.com/security/cve/CVE-2022-32250.html
o https://bugzilla.suse.com/1190256
o https://bugzilla.suse.com/1190497
o https://bugzilla.suse.com/1198410
o https://bugzilla.suse.com/1198829
o https://bugzilla.suse.com/1199086
o https://bugzilla.suse.com/1199291
o https://bugzilla.suse.com/1199364
o https://bugzilla.suse.com/1199665
o https://bugzilla.suse.com/1199670
o https://bugzilla.suse.com/1200015
o https://bugzilla.suse.com/1200465
o https://bugzilla.suse.com/1200494
o https://bugzilla.suse.com/1200644
o https://bugzilla.suse.com/1200651
o https://bugzilla.suse.com/1201258
o https://bugzilla.suse.com/1201323
o https://bugzilla.suse.com/1201381
o https://bugzilla.suse.com/1201391
o https://bugzilla.suse.com/1201427
o https://bugzilla.suse.com/1201458
o https://bugzilla.suse.com/1201471
o https://bugzilla.suse.com/1201524
o https://bugzilla.suse.com/1201592
o https://bugzilla.suse.com/1201593
o https://bugzilla.suse.com/1201595
o https://bugzilla.suse.com/1201596
o https://bugzilla.suse.com/1201635
o https://bugzilla.suse.com/1201651
o https://bugzilla.suse.com/1201675
o https://bugzilla.suse.com/1201691
o https://bugzilla.suse.com/1201705
o https://bugzilla.suse.com/1201725
o https://bugzilla.suse.com/1201846
o https://bugzilla.suse.com/1201930
o https://bugzilla.suse.com/1201954
o https://bugzilla.suse.com/1201958
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBYvWxVskNZI30y1K9AQgNTRAAvYUYRF3Ya6uEIyBS2dUQghvO85vUElo+
YK5X/LzM18cf+mnAeTICq7WHUy9fl70Z968gsLJhgyZufmyiIsjB0wrs9YcvpVpF
JgiQbE/9fjBagSIg3TBSto7EWxLCOf3HemW3aD2JsWU9IdMhcGxdqRMrf3A0dQgG
9M96xOlpNSvFzQeeP6CdoinFEjZ0FjYNGR5E3ayUTiB79AnNpWH7hmSzzHWKHs6r
fYRYunnhsa6Vtu6tMvj9D1nxQ7DDkMuNuf/YgOXwJ7im43K8DcNxjr993eiCDwCf
ZEI0W9ATwK6IzA7wly6D67Z3l9vR7RJrTwlZ4DubeAunKd9HVUmwS5pfVnNgNegn
T16MXJ/ScHtmVF/XDN/NVEtOZvbgi5szuyctq6vQOfgKUbiEm5p3nO4P5TIn+iG3
ICQFjjwuiTNRK2DCWL6ceu1ojqY7kMTbGtrZIkkITbDlwqqsu7kCe6WAIqKZu1gy
kIJBDqcqJVbf/R3oCjOlByzBflQgcJqW0xIByZ0pRILBoBXzXlX10MjV4me5kJ6L
Chqqga1aCVQ8et3MlzZQJDhuRZwMiZicCSGTbzDl5XD8rEfdyw5o/ZrWo8r0z+Sn
mpJ/mqA86L4HjYKmoKVv8Pd/XPG2EObnh+39S8ZXUvejvrjhcG7q7wbM6h31XnR8
lKjvU05p3bk=
=WeSo
-----END PGP SIGNATURE-----