SUSE-SU-2024:1663-1

The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
• CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
• CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
• CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
• CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
• CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpudmfini() (bsc#1223714).
• CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
• CVE-2024-27038: Fixed clkcoreget NULL pointer dereference (bsc#1223816).
• CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
• CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
• CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
• CVE-2024-26993: Fixed fs/sysfs reference leak in sysfsbreakactive_protection() (bsc#1223693).
• CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
• CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
• CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
• CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
• CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
• CVE-2024-26960: Fixed mm/swap race between freeswapand_cache() and swapoff() (bsc#1223655).
• CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
• CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
• CVE-2024-26948: Fixed drm/amd/display by adding dcstate NULL check in dcstate_release (bsc#1223664).
• CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
• CVE-2024-26901: Fixed dosysnametohandle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
• CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
• CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
• CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
• CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
• CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
• CVE-2024-26882: Fixed net/iptunnel to make sure to pull inner header in iptunnel_rcv() (bsc#1223034).
• CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
• CVE-2024-26879: Fixed clk/meson by adding missing clocks to axgclkregmaps (bsc#1223066).
• CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
• CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spicontrollerput call (bsc#1223024).
• CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
• CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
• CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
• CVE-2024-26856: Fixed use-after-free inside sparx5delmact_entry (bsc#1223052).
• CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in icebridgesetlink() (bsc#1223051).
• CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
• CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6routempath_notify() (bsc#1223057).
• CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
• CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
• CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
• CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
• CVE-2024-26816: Fixed relocations in .notes section when building with CONFIGXENPV=y by ignoring them (bsc#1222624).
• CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
• CVE-2024-26805: Fixed a kernel-infoleak-after-free in _skbdatagram_iter in netlink (bsc#1222630).
• CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
• CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
• CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
• CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4mbtrybestfound() (bsc#1222618).
• CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4mbfindbygoal() (bsc#1222613).
• CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
• CVE-2024-26766: Fixed SDMA off-by-one error in padsdmatxdescs() (bsc#1222726).
• CVE-2024-26764: Fixed IOCBAIORW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
• CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
• CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
• CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put() (bsc#1222596).
• CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtpgenldump_pdp() in gtp (bsc#1222632).
• CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiodlookuptable (bsc#1222724).
• CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
• CVE-2024-26744: Fixed null pointer dereference in srptserviceguid parameter in rdma/srpt (bsc#1222449).
• CVE-2024-26743: Fixed memory leak in qedrcreateuser_qp error flow in rdma/qedr (bsc#1222677).
• CVE-2024-26737: Fixed selftests/bpf racing between bpftimercancelandfree and bpftimercancel (bsc#1222557).
• CVE-2024-26733: Fixed an overflow in arpreqget() in arp (bsc#1222585).
• CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
• CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
• CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
• CVE-2024-26696: Fixed nilfs2 hang in nilfslookupdirtydatabuffers() (bsc#1222549).
• CVE-2024-26689: Fixed a use-after-free in encodecapmsg() (bsc#1222503).
• CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
• CVE-2024-26685: Fixed nilfs2 potential bug in endbufferasync_write (bsc#1222437).
• CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
• CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsimdevtrapreportwork() (bsc#1222431).
• CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
• CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
• CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
• CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
• CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
• CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
• CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
• CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
• CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
• CVE-2024-23848: Fixed media/cec for possible use-after-free in cecqueuemsg_fh (bsc#1219104).
• CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
• CVE-2024-22099: Fixed a null-pointer-dereference in rfcommchecksecurity (bsc#1219170).
• CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfsfillsuper function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
• CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctpautoasconf_init in net/sctp/socket.c (bsc#1218917).
• CVE-2023-6270: Fixed a use-after-free issue in aoecmdcfgpkts (bsc#1218562).
• CVE-2023-52652: Fixed NTB for possible name leak in ntbregisterdevice() (bsc#1223686).
• CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
• CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
• CVE-2023-52635: Fixed PM/devfreq to synchronize devfreqmonitor[start/stop] (bsc#1222294).
• CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
• CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
• CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpiecinit (bsc#1221612).
• CVE-2023-52614: Fixed PM/devfreq buffer overflow in transstatshow (bsc#1221617).
• CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfxsetmfp_ap() (bsc#1221042).
• CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
• CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
• CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
• CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpurasqueryerrorstatus_helper() (bsc#1221080).
• CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
• CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdteeclosesession (bsc#1220915).
• CVE-2023-52488: Fixed serial/sc16is7xx convert from raw to noinc regmap functions for FIFO (bsc#1221162).
• CVE-2022-48701: Fixed an out-of-bounds bug in _sndusbparseaudio_interface() (bsc#1223921).
• CVE-2022-48662: Fixed a general protection fault (GPF) in i915perfopen_ioctl (bsc#1223505).
• CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
• CVE-2022-48658: Fixed mm/slub to avoid a problem in flushcpuslab()/_freeslab() task context (bsc#1223496).
• CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
• CVE-2022-48642: Fixed netfilter/nftables percpu memory leak at nftables_addchain() (bsc#1223478).
• CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bondrrgenslaveid (bsc#1223499).
• CVE-2022-48631: Fixed a bug in ext4, when parsing extents where ehentries == 0 and ehdepth > 0 (bsc#1223475).
• CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlbmcopyatomic_pte() (bsc#1222710).
• CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
• CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
• CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
• CVE-2021-47202: Fixed NULL pointer dereferences in ofthermal functions (bsc#1222878)
• CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drmgemttmmmap() and drmgemttmmmap() (bsc#1222838).
• CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
• CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
• CVE-2021-47185: Fixed a softlockup issue in flushtoldisc in tty tty_buffer (bsc#1222669).
• CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
• CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
• CVE-2021-47182: Fixed scsimodesense() buffer length handling (bsc#1222662).
• CVE-2021-47181: Fixed a null pointer dereference caused by calling platformgetresource() (bsc#1222660).

The following non-security bugs were fixed:

• ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
• ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
• ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
• ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
• ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
• ALSA: hda: intel-sdw-acpi: fix usage of devicegetnamedchildnode() (git-fixes).
• ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
• ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
• ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
• ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
• ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
• ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
• ASoC: meson: axg-card: make links nonatomic (git-fixes).
• ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
• ASoC: meson: cards: select SNDDYNAMICMINORS (git-fixes).
• ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
• ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
• ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
• Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
• Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
• Bluetooth: Fix memory leak in hcireqsync_complete() (git-fixes).
• Bluetooth: Fix type of len in {l2cap,sco}sockgetsockopt_old() (stable-fixes).
• Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
• Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
• Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
• Bluetooth: add quirk for broken address properties (git-fixes).
• Bluetooth: btintel: Fix null ptr deref in btintelreadversion (stable-fixes).
• Bluetooth: btintel: Fixe build regression (git-fixes).
• Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
• Bluetooth: hcievent: Fix sending HCIOPREADENCKEYSIZE (git-fixes).
• Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
• Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
• Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
• Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
• HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
• HID: logitech-dj: allow mice to use all types of reports (git-fixes).
• HID: uhid: Use READONCE()/WRITEONCE() for ->running (stable-fixes).
• Input: allocate keycode for Display refresh rate toggle (stable-fixes).
• Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes).
• NFC: trf7970a: disable all regulators on removal (git-fixes).
• NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
• PCI/AER: Block runtime suspend when handling errors (git-fixes).
• PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
• PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
• PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
• PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
• PCI: Drop pcideviceremove() test of pci_dev->driver (git-fixes).
• PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
• RAS: Avoid build errors when CONFIGDEBUGFS=n (jsc#PED-7619).
• RDMA/cm: Print the old state when cmdestroyid gets timeout (git-fixes).
• RDMA/cm: add timeout to cmdestroyid wait (git-fixes)
• README.BRANCH: Correct email address for Petr Tesarik
• README.BRANCH: Remove copy of branch name
• Reapply 'drm/qxl: simplify qxlfencewait' (stable-fixes).
• Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes).
• Revert 'drm/qxl: simplify qxlfencewait' (git-fixes).
• Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275)
• Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes).
• Revert 'usb: phy: generic: Get the vbus supply' (git-fixes).
• USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
• USB: serial: add device ID for VeriFone adapter (stable-fixes).
• USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
• USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
• USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
• USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
• USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
• USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
• USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
• USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
• USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
• USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
• ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
• ahci: asm1064: correct count of reported ports (stable-fixes).
• arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
• arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
• arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
• arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
• arm64: dts: rockchip: enable internal pull-up on Q7USBID for RK3399 (git-fixes)
• arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
• arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
• arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
• ax25: fix use-after-free bugs caused by ax25dsdel_timer (git-fixes).
• batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
• bcache: Fix _bchbtreenodealloc to make the failure behavior consistent (git-fixes).
• bcache: Remove dead references to cache_readaheads (git-fixes).
• bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
• bcache: add code comments for bchbtreenodeget() and _bchbtreenode_alloc() (git-fixes).
• bcache: avoid NULL checking to c->root in runcacheset() (git-fixes).
• bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
• bcache: bset: Fix comment typos (git-fixes).
• bcache: check return value from btreenodealloc_replacement() (git-fixes).
• bcache: fix NULL pointer reference in cacheddevdetach_finish (git-fixes).
• bcache: fix error info in register_bcache() (git-fixes).
• bcache: fixup bcachedevsectorsdirtyadd() multithreaded CPU false sharing (git-fixes).
• bcache: fixup btreecachewait list damage (git-fixes).
• bcache: fixup init dirty data errors (git-fixes).
• bcache: fixup lock c->root error (git-fixes).
• bcache: fixup multi-threaded bchsectorsdirty_init() wake-up race (git-fixes).
• bcache: move calccacheddev_sectors to proper place on backing device detach (git-fixes).
• bcache: move uapi header bcache.h to bcache code directory (git-fixes).
• bcache: prevent potential division by zero error (git-fixes).
• bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
• bcache: remove redundant assignment to variable cur_idx (git-fixes).
• bcache: remove the backingdevname field from struct cached_dev (git-fixes).
• bcache: remove the cachedevname field from struct cache (git-fixes).
• bcache: remove unnecessary flush_workqueue (git-fixes).
• bcache: remove unused bchmarkcache_readahead function def in stats.h (git-fixes).
• bcache: replace a mistaken ISERR() by ISERRORNULL() in btreegccoalesce() (git-fixes).
• bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
• bcache: revert replacing ISERRORNULL with ISERR (git-fixes).
• bcache: use bveckmaplocal in bchdataverify (git-fixes).
• bcache: use bveckmaplocal in bio_csum (git-fixes).
• bcache: use defaultgroups in kobjtype (git-fixes).
• bcache:: fix repeated words in comments (git-fixes).
• ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
• ceph: switch to corrected encoding of maxxattrsize in mdsmap (bsc#1223067).
• clk: Get runtime PM before walking tree during disable_unused (git-fixes).
• clk: Initialize struct clk_core kref earlier (stable-fixes).
• clk: Mark 'all_lists' as const (stable-fixes).
• clk: Print an info line before disabling unused clocks (stable-fixes).
• clk: Remove preparelock hold assertion in _clk_release() (git-fixes).
• clk: remove extra empty line (stable-fixes).
• comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
• dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
• dm cache: add cond_resched() to various workqueue loops (git-fixes).
• dm clone: call kmemcachedestroy() in dmcloneinit() error path (git-fixes).
• dm crypt: add condresched() to dmcryptwrite() (git-fixes).
• dm crypt: avoid accessing uninitialized tasklet (git-fixes).
• dm flakey: do not corrupt the zero page (git-fixes).
• dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
• dm flakey: fix a crash with invalid table line (git-fixes).
• dm flakey: fix logic when corrupting a bio (git-fixes).
• dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
• dm integrity: call kmemcachedestroy() in dmintegrityinit() error path (git-fixes).
• dm integrity: fix out-of-range warning (git-fixes).
• dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
• dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
• dm raid: fix false positive for requeue needed during reshape (git-fixes).
• dm raid: fix missing reconfigmutex unlock in raidctr() error paths (git-fixes).
• dm stats: check for and propagate alloc_percpu failure (git-fixes).
• dm thin metadata: Fix ABBA deadlock by resetting dmbufioclient (git-fixes).
• dm thin metadata: check failio before using datasm (git-fixes).
• dm thin: add cond_resched() to various workqueue loops (git-fixes).
• dm thin: fix deadlock when swapping to thin device (bsc#1177529).
• dm verity: do not perform FEC for failed readahead IO (git-fixes).
• dm verity: fix error handling for checkatmost_once on FEC (git-fixes).
• dm zoned: free dmz->ddev array in dmzputzoned_devices (git-fixes).
• dm-delay: fix a race between delaypresuspend and delaybio (git-fixes).
• dm-integrity: do not modify bio's immutable biovec in integritymetadata() (git-fixes).
• dm-raid: fix lockdep waring in 'pers->hotadddisk' (git-fixes).
• dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes).
• dm-verity: align struct dmverityfec_io properly (git-fixes).
• dm: add condresched() to dmwq_work() (git-fixes).
• dm: call the resume method on internal suspend (git-fixes).
• dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
• dm: do not lock fs when the map is NULL in process of resume (git-fixes).
• dm: remove flushscheduledwork() during local_exit() (git-fixes).
• dm: send just one event on resize, not two (git-fixes).
• dma: xilinx_dpdma: Fix locking (git-fixes).
• dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
• dmaengine: owl: fix register access functions (git-fixes).
• dmaengine: tegra186: Fix residual calculation (git-fixes).
• docs: Document the FANFSERROR event (stable-fixes).
• drm-print: add drmdbgdriver to improve namespace symmetry (stable-fixes).
• drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
• drm/amd/display: Fix nanosec stat overflow (stable-fixes).
• drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
• drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
• drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
• drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
• drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
• drm/amdgpu: always force full reset for SOC21 (stable-fixes).
• drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
• drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
• drm/amdgpu: once more fix the call oder in amdgputtmmove() v2 (git-fixes).
• drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
• drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
• drm/ast: Fix soft lockup (git-fixes).
• drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
• drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
• drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
• drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
• drm/msm/dp: fix typo in dpdisplayhandleportstatus_changed() (git-fixes).
• drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
• drm/panel: ili9341: Respect deferred probe (git-fixes).
• drm/panel: ili9341: Use predefined error codes (git-fixes).
• drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
• drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
• drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
• drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
• drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
• drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
• drm: nv04: Fix out of bounds access (git-fixes).
• drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
• drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
• dumpstack: Do not get cpusync for panic CPU (bsc#1223574).
• fbdev: fix incorrect address computation in deferred IO (git-fixes).
• fbdev: viafb: fix typo in hwbitblt1 and hwbitblt2 (stable-fixes).
• fbmon: prevent division by zero in fbvideomodefrom_videomode() (stable-fixes).
• fix build warning
• fuse: do not unhash root (bsc#1223951).
• fuse: fix root lookup with nonzero generation (bsc#1223950).
• hwmon: (amc6821) add of_match table (stable-fixes).
• i2c: pxa: hide unused icr_bits[] variable (git-fixes).
• i2c: smbus: fix NULL function pointer dereference (git-fixes).
• i40e: Fix VF MAC filter removal (git-fixes).
• idma64: Do not try to serve interrupts when device is powered off (git-fixes).
• iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
• iio:imu: adis16475: Fix sync mode setting (git-fixes).
• init/main.c: Fix potential staticcommandline memory overflow (git-fixes).
• iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
• iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
• iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes).
• iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
• iommu/amd: Fix error handling for pdevpriats_enable() (git-fixes).
• iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
• iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
• iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
• iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
• iommu/iova: Fix alloc iova overflows issue (git-fixes).
• iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
• iommu/rockchip: Fix unwind goto issue (git-fixes).
• iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
• iommu/vt-d: Allocate local memory for page request queue (git-fixes).
• iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
• iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
• iommu: Fix error unwind in iommugroupalloc() (git-fixes).
• ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
• kABI: Adjust traceiterator.waitindex (git-fixes).
• kprobes: Fix double free of kretprobe_holder (bsc#1220901).
• kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
• libnvdimm/ofpmem: Use devmkstrdup instead of kstrdup and check its return value (git-fixes).
• libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
• livepatch: Fix missing newline character in klpresolvesymbols() (bsc#1223539).
• md/raid1: fix choose next idle in read_balance() (git-fixes).
• md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
• md: do not clear MDRECOVERYFROZEN for new dm-raid until resume (git-fixes).
• media: cec: core: remove length check of Timer Status (stable-fixes).
• media: sta2x11: fix irq handler cast (stable-fixes).
• mei: me: add arrow lake point H DID (stable-fixes).
• mei: me: add arrow lake point S DID (stable-fixes).
• mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
• mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
• mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
• mtd: diskonchip: work around ubsan link failure (stable-fixes).
• nd_btt: Make BTT lanes preemptible (git-fixes).
• net: bridge: vlan: fix memory leak in _allowedingress (git-fixes).
• net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
• net: fix skb leak in _skbtstamp_tx() (git-fixes).
• net: ipv6: ensure we call ipv6mcdown() at most once (git-fixes).
• net: mld: fix reference count leak in mld{query | report}work() (git-fixes).
• net: stream: purge skerrorqueue in skstreamkill_queues() (git-fixes).
• net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
• net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
• net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
• net: vlan: fix underflow for the real_dev refcnt (git-fixes).
• netfilter: br_netfilter: Drop dst references before setting (git-fixes).
• netfilter: iptCLUSTERIP: fix refcount leak in clusteriptg_check() (git-fixes).
• netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
• nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
• nfsd: use _fputsync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
• nilfs2: fix OOB in nilfssetde_type (git-fixes).
• nilfs2: fix OOB in nilfssetde_type (git-fixes).
• nouveau: fix function cast warning (git-fixes).
• nouveau: fix instmem race condition around ptr stores (git-fixes).
• nvdimm/namespace: drop nested variable in createnamespacepmem() (git-fixes).
• nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
• nvdimm: Fix badblocks clear off-by-one error (git-fixes).
• nvdimm: Fix dereference after free in registernvdimmpmu() (git-fixes).
• nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
• nvdimm: Fix memleak of pmu attrgroups in unregisternvdimm_pmu() (git-fixes).
• pci_iounmap(): Fix MMIO mapping leak (git-fixes).
• phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
• pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
• platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes).
• platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
• powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
• powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
• powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
• powerpc/rtas: export rtaserrorrc() for reuse (bsc#1223369 ltc#205888).
• powerpc: Avoid nmienter/nmiexit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
• powerpc: Refactor verification of MSR_RI (bsc#1223191).
• printk: Add thiscpuin_panic() (bsc#1223574).
• printk: Adjust mapping for 32bit seq macros (bsc#1223574).
• printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
• printk: Disable passing console lock owner completely during panic() (bsc#1223574).
• printk: Drop console_sem during panic (bsc#1223574).
• printk: Rename abandonconsolelockinpanic() to othercpuin_panic() (bsc#1223574).
• printk: Use prbfirstseq() as base for 32bit seq macros (bsc#1223574).
• printk: Wait for all reserved records with pr_flush() (bsc#1223574).
• printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
• printk: ringbuffer: Clarify special lpos values (bsc#1223574).
• printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
• printk: ringbuffer: Do not skip non-finalized records with prbnextseq() (bsc#1223574).
• printk: ringbuffer: Improve prbnextseq() performance (bsc#1223574).
• printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
• pstore/zone: Add a null pointer check to the pszkmsgread (stable-fixes).
• ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
• ring-buffer: Fix fullwaiterspending in poll (git-fixes).
• ring-buffer: Fix resetting of shortest_full (git-fixes).
• ring-buffer: Fix waking up ring buffer readers (git-fixes).
• ring-buffer: Make wake once of ringbufferwait() more robust (git-fixes).
• ring-buffer: Use waiteventinterruptible() in ringbufferwait() (git-fixes).
• ring-buffer: use READONCE() to read cpubuffer->commit_page in concurrent environment (git-fixes).
• s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
• s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
• s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
• s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
• s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
• s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
• s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
• s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
• s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
• s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops (jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
• s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
• serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
• serial: core: Provide port lock wrappers (stable-fixes).
• serial: core: fix kernel-doc for uartportunlock_irqrestore() (git-fixes).
• serial: mxs-auart: add spinlock around changing cts state (git-fixes).
• slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
• speakup: Avoid crash on very long word (git-fixes).
• speakup: Fix 8bit characters from direct synth (git-fixes).
• tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
• thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
• thunderbolt: Fix wake configurations after device unplug (stable-fixes).
• tracing/netsched: Fix tracepoints that save qdiscdev() as a string (git-fixes).
• tracing/ring-buffer: Fix waitonpipe() race (git-fixes).
• tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
• tracing: Remove precision vsnprintf() check from print event (git-fixes).
• tracing: Show size of requested perf buffer (git-fixes).
• tracing: Use .flush() call to wake up readers (git-fixes).
• usb: Disable USB3 LPM at shutdown (stable-fixes).
• usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
• usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
• usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
• usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
• usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
• usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
• usb: ohci: Prevent missed ohci interrupts (git-fixes).
• usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
• usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
• usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
• usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
• usb: typec: ucsi: Ack unsupported commands (stable-fixes).
• usb: typec: ucsi: Clear UCSICCIRESET_COMPLETE before reset (stable-fixes).
• usb: typec: ucsi: Fix connector check on init (git-fixes).
• usb: udc: remove warning when queue disabled ep (stable-fixes).
• vdpa/mlx5: Allow CVQ size changes (git-fixes).
• virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
• wifi: ath9k: fix LNA selection in athanttry_scan() (stable-fixes).
• wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
• wifi: iwlwifi: mvm: return uid from iwlmvmbuildscancmd (git-fixes).
• wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
• wifi: nl80211: do not free NULL coalescing rule (git-fixes).
• x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
• x86/mm: Ensure input to pfntokaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
• x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
• x86/xen: Add some null pointer checking to smp.c (git-fixes).
• x86/xen: add CPU dependencies for 32-bit build (git-fixes).
• x86/xen: fix percpu vcpu_info allocation (git-fixes).
• xen-netback: properly sync TX responses (git-fixes).
• xen-netfront: Add missing skbmarkfor_recycle (git-fixes).
• xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
• xen/xenbus: document willhandle argument for xenbuswatch_path() (git-fixes).
• xfrm6: fix inet6_dev refcount underflow problem (git-fixes).