SUSE-SU-2024:3569-1

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
• CVE-2022-48911: kabi: add _nfqueuegetrefs() for kabi compliance. (bsc#1229633).
• CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
• CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
• CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
• CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
• CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
• CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
• CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
• CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
• CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
• CVE-2024-37353: virtio: fixed a double free in vpdelvqs() (bsc#1226875).
• CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
• CVE-2024-38596: afunix: Fix data races in unixreleasesock/unixstream_sendmsg (bsc#1226846).
• CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
• CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
• CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
• CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
• CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
• CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
• CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
• CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
• CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
• CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
• CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
• CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
• CVE-2024-43890: tracing: Fix overflow in getfreeelt() (bsc#1229764).
• CVE-2024-43898: ext4: sanity check for NULL pointer after ext4forceshutdown (bsc#1229753).
• CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
• CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
• CVE-2024-44935: sctp: Fix null-ptr-deref in reuseportaddsock() (bsc#1229810).
• CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
• CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
• CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
• CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
• CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
• CVE-2024-44971: net: dsa: bcmsf2: Fix a possible memory leak in bcmsf2mdioregister() (bsc#1230211).
• CVE-2024-44986: ipv6: fix possible UAF in ip6finishoutput2() (bsc#1230230)
• CVE-2024-44987: ipv6: prevent UAF in ip6sendskb() (bsc#1230185).
• CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
• CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
• CVE-2024-44990: bonding: fix null pointer deref in bondipsecoffload_ok (bsc#1230194).
• CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
• CVE-2024-44999: gtp: pull network headers in gtpdevxmit() (bsc#1230233).
• CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
• CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
• CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
• CVE-2024-45013: nvme: move stopping keep-alive into nvmeuninitctrl() (bsc#1230442).
• CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
• CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
• CVE-2024-45021: memcgwriteevent_control(): fix a user-triggerable oops (bsc#1230434).
• CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
• CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
• CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
• CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
• CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
• CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcsgetfunction() (bsc#1230515)
• CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2newread_req() (bsc#1230517).
• CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
• CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
• CVE-2024-46707: KVM: arm64: Make ICC*SGI*EL1 undef in the absence of a vGICv3 (bsc#1230582).
• CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
• CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
• CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
• CVE-2024-46728: drm/amd/display: Check index for auxrdinterval before using (bsc#1230703)
• CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
• CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
• CVE-2024-46751: btrfs: do not BUGON() when 0 reference count at btrfslookupextentinfo() (bsc#1230786).
• CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfslookupextent_info() (bsc#1230794).
• CVE-2024-46753: btrfs: handle errors from btrfsdecref() properly (bsc#1230796).
• CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
• CVE-2024-46783: tcpbpf: fix return value of tcpbpf_sendmsg() (bsc#1230810).
• CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
• CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
• CVE-2024-46822: arm64: acpi: Harden getcpuforacpiid() against missing CPU entry (bsc#1231120).
• CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVMSETVCPU_EVENTS (bsc#1231116).

The following non-security bugs were fixed:

• ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
• ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
• ACPI: PMIC: Remove unneeded check in tps68470pmicopregion_probe() (git-fixes).
• ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
• ACPI: processor: Return an error if acpiprocessorgetinfo() fails in processoradd() (stable-fixes).
• ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
• ACPI: sysfs: validate return type of _STR method (git-fixes).
• afunix: annotate lockless accesses to sk->skerr (bsc#1226846).
• afunix: Fix data races around sk->skshutdown (bsc#1226846).
• afunix: Fix data-races around sk->skshutdown (git-fixes).
• ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
• ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
• ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
• ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
• ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
• apparmor: fix possible NULL pointer dereference (stable-fixes).
• arm64: acpi: Move getcpuforacpiid() to a header (git-fixes).
• arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
• arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
• arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
• arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
• arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
• arm64: tlb: Allow range operation for MAXTLBIRANGE_PAGES (bsc#1229585)
• arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
• arm64: tlb: Improve _TLBIVADDR_RANGE() (bsc#1229585)
• ASoC: dapm: Fix UAF for sndsocpcm_runtime object (git-fixes).
• ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
• ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
• ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
• ASoC: tegra: Fix CBB error during probe() (git-fixes).
• ASoC: topology: Properly initialize soc_enum values (stable-fixes).
• ata: libata: Fix memory leak for error path in atahostalloc() (git-fixes).
• ata: pata_macio: Use WARN instead of BUG (stable-fixes).
• blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
• blk-mq: add number of queue calc helper (bsc#1229034).
• blk-mq: Build default queue map via groupcpusevenly() (bsc#1229031).
• blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
• blk-mq: introduce blkmqdevmapqueues (bsc#1229034).
• blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
• blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
• Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
• Bluetooth: hcicore: Fix sending MGMTEVCONNECTFAILED (git-fixes).
• Bluetooth: hcisync: Ignore errors from HCIOPREMOTENAMEREQCANCEL (git-fixes).
• Bluetooth: L2CAP: Fix deadlock (git-fixes).
• Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
• cachefiles: fix dentry leak in cachefilesopenfile() (bsc#1231181).
• cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
• can: bcm: Clear bo->bcmprocread after removeprocentry() (git-fixes).
• can: bcm: Remove proc entry when dev is unregistered (git-fixes).
• can: j1939: use correct function name in comment (git-fixes).
• can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
• cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
• ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
• char: xillybus: Check USB endpoints when probing device (git-fixes).
• clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
• clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
• clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
• cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
• crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
• crypto: virtio - Handle dataq logic with tasklet (git-fixes).
• crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
• crypto: xor - fix template benchmarking (git-fixes).
• devres: Initialize an uninitialized struct member (stable-fixes).
• driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
• driver core: Add missing parameter description to _fwnodelink_add() (git-fixes).
• driver core: Create _fwnodelink_del() helper function (git-fixes).
• driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
• driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
• driver core: Set deferred probe reason when deferred by driver core (git-fixes).
• drivers:drm:exynosdrmgsc:Fix wrong assignment in gsc_bind() (git-fixes).
• Drivers: hv: vmbus: Fix rescind handling in uiohvgeneric (git-fixes).
• Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
• drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
• drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
• drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
• drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
• drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
• drm/amd/display: added NULL check at start of dcvalidatestream (stable-fixes).
• drm/amd/display: Assign linearpitchalignment even for VM (stable-fixes).
• drm/amd/display: Check denominator pbn_div before used (stable-fixes).
• drm/amd/display: Check gpio_id before used as array index (stable-fixes).
• drm/amd/display: Check HDCP returned status (stable-fixes).
• drm/amd/display: Check msg_id before processing transcation (stable-fixes).
• drm/amd/display: Check numvalidsets before accessing readerwmsets[] (stable-fixes).
• drm/amd/display: Correct the defined value for AMDGPUDMUBNOTIFICATION_MAX (stable-fixes).
• drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
• drm/amd/display: Fix Coverity INTEGEROVERFLOW within dalgpioservicecreate (stable-fixes).
• drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
• drm/amd/display: Skip wbsclsetscaler_filter if filter is null (stable-fixes).
• drm/amd/display: Spinlock before reading event (stable-fixes).
• drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
• drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
• drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
• drm/amdgpu: check for LINEARALIGNED correctly in checktilingflagsgfx6 (stable-fixes).
• drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
• drm/amdgpu: fix a possible null pointer dereference (git-fixes).
• drm/amdgpu: fix dereference after null check (stable-fixes).
• drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
• drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber (stable-fixes).
• drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
• drm/amdgpu: fix overflowed array index read warning (stable-fixes).
• drm/amdgpu: Fix smatch static checker warning (stable-fixes).
• drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
• drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
• drm/amdgpu: Fix uninitialized variable warning in amdgpuafmtacr (stable-fixes).
• drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
• drm/amdgpu/pm: Check the return value of smumsendmsgtosmc (stable-fixes).
• drm/amdgpu/pm: Fix uninitialized variable agcbtcresponse (stable-fixes).
• drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
• drm/amdgpu: Set nohwaccess when VF request full GPU fails (stable-fixes).
• drm/amdgpu: the warning dereferencing obj for nbiov74 (stable-fixes).
• drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
• drm/amdkfd: Reconcile the definition and use of oemid in struct kfdtopology_device (stable-fixes).
• drm/amd/pm: check negtive return for table entries (stable-fixes).
• drm/amd/pm: check specific index for aldebaran (stable-fixes).
• drm/amd/pm: Fix negative array index read (stable-fixes).
• drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
• drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
• drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
• drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
• drm/amd/pm: fix uninitialized variable warning (stable-fixes).
• drm/amd/pm: fix warning using uninitialized value of maxvidstep (stable-fixes).
• drm/bridge: lontium-lt8912b: Validate mode in drmbridgefuncs::mode_valid() (git-fixes).
• drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
• drm/i915/fence: Mark debugfencefree() with _maybeunused (git-fixes).
• drm/i915/fence: Mark debugfenceinitonstack() with _maybe_unused (git-fixes).
• drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
• drm/meson: plane: Add error handling (stable-fixes).
• drm/msm/a5xx: disable preemption in submits by default (git-fixes).
• drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
• drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
• drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
• drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
• drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
• drm/msm: Fix incorrect file name output in adrenorequestfw() (git-fixes).
• drm/msm: fix %s null argument error (git-fixes).
• drm: omapdrm: Add missing check for allocorderedworkqueue (git-fixes).
• drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
• drm/radeon: fix null pointer dereference in radeonaddcommon_modes (git-fixes).
• drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
• drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
• drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
• exfat: fix memory leak in exfatloadbitmap() (git-fixes).
• fbdev: hpfb: Fix an error handling path in hpfbdioprobe() (git-fixes).
• filemap: remove use of wait bookmarks (bsc#1224085).
• firmware_loader: Block path traversal (git-fixes).
• fscache: delete fscachecookielru_timer when fscache exits to avoid UAF (bsc#1230592).
• fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
• fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
• genirq/affinity: Do not pass irqaffinitydesc array to irqbuildaffinity_masks (bsc#1229031).
• genirq/affinity: Move groupcpusevenly() into lib/ (bsc#1229031).
• genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
• genirq/affinity: Pass affinity managed mask array to irqbuildaffinity_masks (bsc#1229031).
• genirq/affinity: Remove the 'firstvec' parameter from irqbuildaffinity_masks (bsc#1229031).
• genirq/affinity: Rename irqbuildaffinitymasks as groupcpus_evenly (bsc#1229031).
• genirq/affinity: Replace cpumaskweight() with cpumaskempty() where appropriate (bsc#1229031).
• gfs2: setattr_chown: Add missing initialization (git-fixes).
• HID: amdsfh: free driverdata after destroying hid device (stable-fixes).
• HID: cougar: fix slab-out-of-bounds Read in cougarreportfixup (stable-fixes).
• hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
• hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
• hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
• hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
• hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
• hwrng: bcm2835 - Add missing clkdisableunprepare in bcm2835rnginit (git-fixes).
• hwrng: cctrng - Add missing clkdisableunprepare in cctrng_resume (git-fixes).
• hwrng: mtk - Use devmpmruntime_enable (git-fixes).
• i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
• i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
• i2c: isch: Add missed 'else' (git-fixes).
• i2c: qcom-geni: Use IRQFNOAUTOEN flag in request_irq() (git-fixes).
• i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
• i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
• i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
• IB/core: Fix ibcachesetup_one error flow cleanup (git-fixes)
• IB/hfi1: Fix potential deadlock on &irqsrclock and &dd->uctxt_lock (git-fixes)
• iio: adc: ad7124: fix chip ID mismatch (git-fixes).
• iio: adc: ad7124: fix config comparison (git-fixes).
• iio: adc: ad7606: fix oversampling gpio array (git-fixes).
• iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
• iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
• iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
• iio: fix scale application in iioconvertrawtoprocessed_unlocked (git-fixes).
• iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
• Input: ilitektsi2c - add report id message validation (git-fixes).
• Input: ilitektsi2c - avoid wrong input subsystem sync (git-fixes).
• Input: ps2-gpio - use IRQFNOAUTOEN flag in request_irq() (git-fixes).
• Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
• ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
• ipmi:ssif: Improve detecting during probing (bsc#1228771)
• ipmi:ssif: Improve detecting during probing (bsc#1228771)
• jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
• kabi: add _nfqueuegetrefs() for kabi compliance.
• kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
• kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
• lib/groupcpus.c: avoid acquiring cpu hotplug lock in groupcpus_evenly (bsc#1229031).
• lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
• lib/groupcpus: Export groupcpus_evenly() (bsc#1229031).
• lirc: rcdevgetfromfd(): fix file leak (git-fixes).
• mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
• mailbox: rockchip: fix a typo in module autoloading (git-fixes).
• media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
• media: qcom: camss: Add check for v4l2fwnodeendpoint_parse (stable-fixes).
• media: qcom: camss: Fix ordering of pmruntimeenable (git-fixes).
• media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvbusbreadremotecontrol()' (git-fixes).
• media: sun4icsi: Implement link validate for sun4icsi subdev (git-fixes).
• media: uapi/linux/cec.h: cecmsgsetreplyto: zero flags (git-fixes).
• media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
• media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
• media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
• media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
• media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
• mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
• mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
• mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
• mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
• mtd: slram: insert break after errors in parsing the map (git-fixes).
• net: drop bad gso csumstart and offset in virtionet_hdr (git-fixes).
• net: mana: Fix error handling in manacreatetxq/rxq's NAPI cleanup (git-fixes).
• net: missing check virtio (git-fixes).
• net: tighten bad gso csum offset check in virtionethdr (git-fixes).
• nfconntrackprotoudp: do not accept packets with IPSNAT_CLASH (bsc#1199769).
• NFSD: Fix frame size warning in svcexportparse() (git-fixes).
• NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
• NFSD: Rewrite synopsis of nfsdpercpucounters_init() (git-fixes).
• NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
• NFS: Reduce use of uncached readdir (bsc#1226662).
• NFSv4: Add missing rescheduling points in nfsclientreturnmarkeddelegations (git-fixes).
• nilfs2: Constify struct kobj_type (git-fixes).
• nilfs2: determine empty node blocks as corrupted (git-fixes).
• nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
• nilfs2: fix potential null-ptr-deref in nilfsbtreeinsert() (git-fixes).
• nilfs2: fix potential oob read in nilfsbtreecheck_delete() (git-fixes).
• nilfs2: fix state management in error path of log writing function (git-fixes).
• nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
• nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
• nilfs2: use defaultgroups in kobjtype (git-fixes).
• nvme: move stopping keep-alive into nvmeuninitctrl() (git-fixes).
• nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
• nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
• nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
• nvme: replace blkmqpcimapqueues with blkmqdevmapqueues (bsc#1229034).
• nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
• nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
• nvmet-tcp: do not continue for invalid icreq (git-fixes).
• nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
• nvmet-trace: avoid dereferencing pointer too early (git-fixes).
• ocfs2: cancel dqisyncwork before freeing oinfo (git-fixes).
• ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
• ocfs2: fix possible null-ptr-deref in ocfs2setbuffer_uptodate (git-fixes).
• ocfs2: remove unreasonable unlock in ocfs2readblocks (git-fixes).
• PCI: Add missing bridge lock to pcibuslock() (stable-fixes).
• PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
• PCI/ASPM: Move pcifunction0() upward (bsc#1226915)
• PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
• PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
• PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
• PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
• PCI: dwc: Expose dwpcieep_exit() to module (git-fixes).
• PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
• pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
• PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
• PCI: keystone: Fix if-statement expression in kspciequirk() (git-fixes).
• PCI: Support BAR sizes up to 8TB (bsc#1231017)
• PCI: Wait for Link before restoring Downstream Buses (git-fixes).
• PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
• PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
• PCI: xilinx-nwl: Fix register misspelling (git-fixes).
• pcmcia: Use resource_size function on resource object (stable-fixes).
• pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
• pinctrl: single: fix potential NULL dereference in pcsgetfunction() (git-fixes).
• PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
• platform/x86: dell-smbios: Fix error path in dellsmbiosinit() (git-fixes).
• platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
• platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
• power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
• power: supply: Drop usecnt check from powersupplypropertyis_writeable() (git-fixes).
• power: supply: hwmon: Fix missing temp1maxalarm attribute (git-fixes).
• power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
• RDMA/core: Remove unused declaration rdmaresolveip_route() (git-fixes)
• RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
• RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
• RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
• RDMA/hns: Fix spinunlockirqrestore() called with IRQs enabled (git-fixes)
• RDMA/hns: Fix the overflow risk of hemlistcalcbarange() (git-fixes)
• RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
• RDMA/hns: Optimize hem allocation performance (git-fixes)
• RDMA/irdma: fix error message in irdmamodifyqp_roce() (git-fixes)
• RDMA/iwcm: Fix WARNING:atkernel/workqueue.c:#checkflush_dependency (git-fixes)
• RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
• RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
• RDMA/rtrs: Reset hbmissedcnt after receiving other traffic from peer (git-fixes)
• Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
• Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes).
• Revert 'media: tuners: fix error return code of hybridtunerrequest_state()' (git-fixes).
• Revert 'media: tuners: fix error return code of hybridtunerrequest_state()' (stable-fixes).
• rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
• scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
• scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
• scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
• scsi: lpfc: Fix overflow build issue (bsc#1229429).
• scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
• scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
• scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
• scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
• scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
• scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
• scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
• scsi: replace blkmqpcimapqueues with blkmqdevmapqueues (bsc#1229034).
• scsi: sd: Fix off-by-one error in sdreadblock_characteristics() (bsc#1223848).
• scsi: use block layer helpers to calculate num of queues (bsc#1229034).
• spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
• Squashfs: sanity check symbolic link size (git-fixes).
• staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
• thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
• tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
• tools/virtio: fix build (git-fixes).
• tpm: Clean up TPM space after command failure (git-fixes).
• tracing: Avoid possible softlockup in tracingiterreset() (git-fixes).
• tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
• udp: fix receiving fraglist GSO packets (git-fixes).
• uiohvgeneric: Fix kernel NULL pointer dereference in hvuiorescind (git-fixes).
• usb: cdnsp: Fix incorrect usb_request status (git-fixes).
• USB: class: CDC-ACM: fix race between getserial and setserial (git-fixes).
• usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
• usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
• usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
• usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
• usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
• usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
• usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
• usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
• usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
• usbip: Do not submit special requests twice (stable-fixes).
• usbnet: fix cyclical race on disconnect with work queue (git-fixes).
• usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
• usbnet: modern method to get random MAC (git-fixes).
• USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
• USB: serial: option: add MeiG Smart SRM825L (git-fixes).
• usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
• usb: uas: set host status byte on data completion error (git-fixes).
• usb: uas: set host status byte on data completion error (stable-fixes).
• USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
• usb: xhci: fix loss of data on Cadence xHC (git-fixes).
• vhost: Add smprmb() in vhostvqavailempty() (git-fixes).
• vhost-vdpa: switch to use vmfinsertpfn() in the fault handler (git-fixes).
• virito: add APIs for retrieving vq affinity (bsc#1229034).
• virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
• virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
• virtio: blk/scs: replace blkmqvirtiomapqueues with blkmqdevmapqueues (bsc#1229034).
• virtiofs: forbid newlines in tags (bsc#1230591).
• virtio_net: checksum offloading handling fix (git-fixes).
• virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes).
• virtionet: use u64stats_t infra to avoid data-races (git-fixes).
• virtio: reenable config if freezing device failed (git-fixes).
• virtio/vsock: fix logic which reduces credit update messages (git-fixes).
• VMCI: Fix use-after-free when removing resource in vmciresourceremove() (git-fixes).
• vsock/virtio: add support for device suspend/resume (git-fixes).
• vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
• vsock/virtio: initialize thevirtiovsock before using VQs (git-fixes).
• vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
• watchdog: imxscwdt: Do not disable WDT in suspend (git-fixes).
• wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
• wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
• wifi: cfg80211: fix UBSAN noise in cfg80211wextsiwscan() (git-fixes).
• wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
• wifi: mac80211: use two-phase skb reclamation in ieee80211dostop() (git-fixes).
• wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
• wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
• wifi: mwifiex: Do not return unused priv in mwifiexgetprivbyid() (stable-fixes).
• wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
• wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
• wifi: rtw88: remove CPT execution branch never used (git-fixes).
• wifi: wilc1000: fix potential RCU dereference issue in wilcparsejoinbssparam (git-fixes).
• x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
• x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
• x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
• x86/xen: Convert comma to semicolon (git-fixes).
• xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
• xen: allow mapping ACPI data using a different physical address (bsc#1226003).
• xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
• xen: move checks for e820 conflicts further up (bsc#1226003).
• xen: move maxpfn in xenmemory_setup() out of function scope (bsc#1226003).
• xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
• xen/swiotlb: fix allocated size (git-fixes).
• xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
• xen: use correct end address of kernel for conflict checking (bsc#1226003).
• xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
• xhci: Set quirky xHC PCI hosts to D3 after stopping and freeing them (git-fixes).
• xz: cleanup CRC32 edits from 2018 (git-fixes).