Container summary for

SUSE-IU-2024:1530-1

This update for grub2 fixes the following issues:

• Support powerpc net boot installation when secure boot is enabled (bsc#1217761, bsc#1228866)
• Improved check for disk device when looking for PReP partition

This update for util-linux fixes the following issue:

• Skip aarch64 decode path for rest of the architectures (bsc#1229476).

This update for ncurses fixes the following issues:

• Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

This update for cpupower fixes the following issue:

• Fix uncore frequency file string (bsc#1221765).

This update for suseconnect-ng fixes the following issue:

• Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)

This update for libzypp, zypper fixes the following issues:

• API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
• single_rpmtrans: fix installation of .src.rpms (bsc#1228647)

This update for xen fixes the following issues:

• CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)

This update for pam-config fixes the following issues:

• Improved check for existence of modules (bsc#1227216)

This update for python3 fixes the following issues:

• CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
• CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
• CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
• CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

• %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
• Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
• Remove %suse_update_desktop_file macro as it is not useful any more.

This update for curl fixes the following issue:

• Make special characters in URL work with aws-sigv4 (bsc#1230516).

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:

• CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
• CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
• CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
• CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
• CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
• CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
• CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798)
• CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
• CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
• CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
• CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
• CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
• CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
• CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
• CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
• CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
• CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
• CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
• CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
• CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
• CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
• CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
• CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
• CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
• CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
• CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
• CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
• CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
• CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
• CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
• CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
• CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
• CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
• CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
• CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
• CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
• CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
• CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
• CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
• CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
• CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
• CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
• CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
• CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
• CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
• CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
• CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
• CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
• CVE-2024-27016: Validate pppoe header (bsc#1223807).
• CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
• CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
• CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
• CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
• CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
• CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
• CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
• CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
• CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
• CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
• CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
• CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
• CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
• CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
• CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
• CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
• CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
• CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
• CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
• CVE-2024-42308: Update DRM patch reference (bsc#1229411)
• CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
• CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
• CVE-2024-26669: Fix chain template offload (bsc#1222350).
• CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
• CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
• CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
• CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
• CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
• CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
• CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
• CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
• CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
• CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
• CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
• CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
• CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
• CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
• CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
• CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
• CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
• CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
• CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
• CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
• CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
• CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
• CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
• CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
• CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
• CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
• CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
• CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
• CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
• CVE-2024-42139: Fix improper extts handling (bsc#1228503).
• CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
• CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
• CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
• CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
• CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
• CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
• CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
• CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
• CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
• CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
• CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
• CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
• CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).

• Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
• Indicate support for the Generic Event Device thru _OSC (git-fixes).
• Rework system-level device notification handling (git-fixes).
• Drop nocrt parameter (git-fixes).
• x86: s2 Post-increment variables when getting constraints (git-fixes).
• Do not cross .backup mountpoint from backup volume (git-fixes).
• Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
• Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
• Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
• Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
• line6: Fix racy access to midibuf (stable-fixes).
• Relax start tick time check for slave timer elements (git-fixes).
• Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
• Re-add ScratchAmp quirk entries (git-fixes).
• Support Yamaha P-125 quirk entry (stable-fixes).
• Fix UBSAN warning in parse_audio_unit() (stable-fixes).
• arm64: initialize all values of acpi_early_node_map to (git-fixes)
• arm64: initialize all values of acpi_early_node_map to (git-fixes)
• arm64: Add Neoverse-V2 part (git-fixes)
• arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
• arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
• arm64: Restore spec_bar() macro (git-fixes)
• arm64: Add missing .field_width for GIC system registers (git-fixes)
• arm64: Fix the visibility of compat hwcaps (git-fixes)
• arm64: Force HWCAP to be based on the sysreg visible to (git-fixes)
• arm64: Add Cortex-A720 definitions (git-fixes)
• arm64: Add Cortex-A725 definitions (git-fixes)
• arm64: Add Cortex-X1C definitions (git-fixes)
• arm64: Add Cortex-X3 definitions (git-fixes)
• arm64: Add Cortex-X4 definitions (git-fixes)
• arm64: Add Cortex-X925 definitions (git-fixes)
• arm64: Add Neoverse-V3 definitions (git-fixes)
• arm64: Increase VOP clk rate on RK3328 (git-fixes)
• arm64: Increase VOP clk rate on RK3328 (git-fixes)
• arm64: Expand speculative SSBS workaround (again) (git-fixes)
• arm64: Expand speculative SSBS workaround (git-fixes)
• arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
• arm64: Fix KASAN random tag seed initialization (git-fixes)
• arm64: Fix KASAN random tag seed initialization (git-fixes)
• wcd938 Correct Soundwire ports mask (git-fixes).
• wsa881 Correct Soundwire ports mask (git-fixes).
• fix irq scheduling issue with PREEMPT_RT (git-fixes).
• Introduce async_schedule_dev_nocall() (bsc#1221269).
• Split async_schedule_node_domain() (bsc#1221269).
• Fix usage of __hci_cmd_sync_status (git-fixes).
• hci_ Fix not handling hibernation actions (git-fixes).
• l2 always unlock channel in l2cap_conless_channel() (git-fixes).
• L2 Fix deadlock (git-fixes).
• Fix a kernel verifier crash in stacksafe() (bsc#1225903).
• remove unused declaring of bpf_kprobe_override (git-fixes).
• fix leak of qgroup extent records after transaction abort (git-fixes).
• make btrfs_destroy_delayed_refs() return void (git-fixes).
• remove unnecessary prototype declarations at disk-io.c (git-fixes).
• update fs features directory asynchronously (bsc#1226168).
• propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
• issue a cap release immediately if no cap exists (bsc#1225162).
• periodically flush the cap releases (bsc#1225162).
• Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
• cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes).
• Fix register ID of SPSR_FIQ (git-fixes).
• add missing MODULE_DESCRIPTION() macros (stable-fixes).
• Add labels for both Valve Steam Deck revisions (stable-fixes).
• Add quirk for Aya Neo KUN (stable-fixes).
• Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
• Add quirk for Nanote UMPC-01 (stable-fixes).
• Add quirk for OrangePi Neo (stable-fixes).
• drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
• Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
• avoid using null object of framebuffer (git-fixes).
• Fix && vs || typos (git-fixes).
• Skip Recompute DSC Params if no Stream on Link (stable-fixes).
• Validate hw_points_num before using it (stable-fixes).
• Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
• Actually check flags for all context ops (stable-fixes).
• Add lock around VF RLCG interface (stable-fixes).
• fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
• Fix the null pointer dereference to ras_manager (stable-fixes).
• Validate TA binary size (stable-fixes).
• drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
• Fix the null pointer dereference for smu7 (stable-fixes).
• Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
• Fix the param type of set_power_profile_mode (stable-fixes).
• analogix_ properly handle zero sized AUX transactions (stable-fixes).
• tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
• fix null pointer dereference in drm_client_modeset_probe (git-fixes).
• drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes).
• set gp bus_stop bit before hard reset (stable-fixes).
• reset the link phy params before link training (git-fixes).
• cleanup FB if dpu_format_populate_layout fails (git-fixes).
• do not play tricks with debug macros (git-fixes).
• Zero-initialize iosys_map (stable-fixes).
• fix inode->i_blocks for non-512 byte sector size device (git-fixes).
• fix potential deadlock on __exfat_get_dentry_set (git-fixes).
• redefine DIR_DELETED as the bad cluster number (git-fixes).
• support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
• fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453).
• Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
• Add might_sleep() to disable_irq() (git-fixes).
• Always limit the affinity to online CPUs (git-fixes).
• Do not return error on missing optional irq_request_resources() (git-fixes).
• Take the proposed affinity at face value if force==true (git-fixes).
• genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes).
• genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes).
• Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
• Do not try to remove non-existing sysfs files (git-fixes).
• Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
• Shutdown managed interrupts with unsatifiable affinities (git-fixes).
• gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
• fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
• i2 Improve handling of stuck alerts (git-fixes).
• i2 Send alert notifications to all devices if source not found (git-fixes).
• Convert comma to semicolon (git-fixes).
• ip6_ Fix broken GRO (bsc#1229444).
• ipv6: fix incorrect unregister order (git-fixes).
• Drop bogus fwspec-mapping error handling (git-fixes).
• Fix association race (git-fixes).
• Fix disassociation race (git-fixes).
• Fix domain registration race (git-fixes).
• Fix mapping-creation race (git-fixes).
• Fixed unbalanced fwnode get and put (git-fixes).
• Look for existing mapping only once (git-fixes).
• Refactor __irq_domain_alloc_irqs() (git-fixes).
• Report irq number for NOMAP domains (git-fixes).
• Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
• Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
• Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
• kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes).
• Fix to check symbol prefixes correctly (git-fixes).
• move from strlcpy with unused retval to strscpy (git-fixes).
• protect concurrent access to mem_cgroup_idr (git-fixes).
• mm, fix infinite recursion due to RCU critical section (git-fixes).
• prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
• dw_ allow biu and ciu clocks to defer (git-fixes).
• mmc_ Fix NULL dereference on allocation failure (git-fixes).
• ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
• ks8851: Fix deadlock with the SPI chip variant (git-fixes).
• ks8851: Fix potential TX stall after interface reopen (git-fixes).
• ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
• Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
• Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
• Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
• Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
• remove two BUG() from skb_checksum_help() (bsc#1229312).
• qmi_ fix memory leak for not ip packets (git-fixes).
• fix possible cp null dereference (git-fixes).
• initialize noop_qdisc owner (git-fixes).
• pn533: Add poll mod list filling check (git-fixes).
• expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
• make the rpc_stat per net namespace (git-fixes).
• add posix ACLs to struct nfsd_attrs (git-fixes).
• add security label to struct nfsd_attrs (git-fixes).
• fix regression with setting ACLs (git-fixes).
• Fix strncpy() fortify warning (git-fixes).
• Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
• introduce struct nfsd_attrs (git-fixes).
• move from strlcpy with unused retval to strscpy (git-fixes).
• Optimize DRC bucket pruning (git-fixes).
• return error if nfs4_setacl fails (git-fixes).
• set attributes when creating symlinks (git-fixes).
• use locks_inode_context helper (git-fixes).
• nilfs2: Remove check for PageError (git-fixes).
• nvme_ scan namespaces asynchronously (bsc#1224105).
• ocfs2: use coarse time for new created files (git-fixes).
• Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
• perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
• platform/x86 Add support for ACPI based probing (jsc#PED-8779).
• platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
• platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
• platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779).
• platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
• platform/x86 Create static func to handle platdev (jsc#PED-8779).
• platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779).
• platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779).
• platform/x86 Move hsmp_test to probe (jsc#PED-8779).
• platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
• platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779).
• platform/x86 Restructure sysfs group creation (jsc#PED-8779).
• platform/x86 switch to use device_add_groups() (jsc#PED-8779).
• axp288_ Fix constant_charge_voltage writes (git-fixes).
• axp288_ Round constant_charge_voltage writes down (git-fixes).
• Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
• Mark .opd section read-only (bsc#1194869).
• use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
• xor_ Add '-mhard-float' to CFLAGS (bsc#1194869).
• powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
• Avoid clang null pointer arithmetic warnings (bsc#1194869).
• powerpc/kexec_ fix cpus node update to FDT (bsc#1194869).
• make the update_cpus_node() function public (bsc#1194869).
• split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
• Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
• Whitelist dtl slub object for copying to userspace (bsc#1194869).
• Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
• Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
• Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
• RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes).
• Fix incomplete state save in rxe_requester (git-fixes)
• Fix rxe_modify_srq (git-fixes)
• Handle zero length rdma (git-fixes)
• Move work queue code to subroutines (git-fixes)
• s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
• s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
• s390 Split and rework cpacf query functions (git-fixes bsc#1229187).
• s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
• s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
• s390 Prevent release of buffer in I/O (git-fixes bsc#1229572).
• s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
• Fix scldiv calculation (git-fixes).
• add a struct rpc_stats arg to rpc_create_args (git-fixes).
• Fix a race to wake a sync task (git-fixes).
• fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
• fix compat_sys_io_pgetevents_time64 usage (git-fixes).
• Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
• add check for crypto_shash_tfm_digest (git-fixes).
• dbg_orphan_ Fix missed key type checking (git-fixes).
• Fix adding orphan entry twice for the same inode (git-fixes).
• Fix unattached xattr inode if powercut happens after deleting (git-fixes).
• fix potential memory leak in vfio_intx_enable() (git-fixes).
• fix wgds rev 3 exact size (git-fixes).
• duplicate static structs used in driver instances (git-fixes).
• x86 drop the duplicate APM_MINOR_DEV macro (git-fixes).
• x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
• x86 Fix pti_clone_entry_text() for i386 (git-fixes).
• x86 Check if fixed MTRRs exist before saving them (git-fixes).
• x86 Work around false positive kmemleak report in msr_build_context() (git-fixes).
• Fix missing interval for missing_owner in xfs fsmap (git-fixes).
• Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
• use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
• Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
• Fix rpcrdma_reqs_reset() (git-fixes).

This update for logrotate fixes the following issues:

• Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)

This update for glibc fixes the following issue:

• fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661).

This update for dracut fixes the following issue:

• Version update, check for presence of legacy rules (bsc#1230330).
• Version update, handle all possible options in `rd.dasd` (bsc#1230110).

This update for e2fsprogs fixes the following issue:

• resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145).

This update for libpcap fixes the following issue:

• enable rdma support (bsc#1230894).

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
• CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
• CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
• CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
• CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
• CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
• CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
• CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
• CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
• CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
• CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
• CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
• CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
• CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
• CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
• CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
• CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
• CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
• CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
• CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
• CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
• CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
• CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
• CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
• CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
• CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
• CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
• CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
• CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
• CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
• CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
• CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
• CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
• CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
• CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
• CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
• CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
• CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
• CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
• CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
• CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
• CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
• CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
• CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
• CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
• CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
• CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
• CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
• CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
• CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
• CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
• CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
• CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
• CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
• CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
• CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
• CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
• CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
• CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
• CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
• CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
• CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
• CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
• CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
• CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
• CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
• CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
• CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
• CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
• CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
• CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
• CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
• CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
• CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
• CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
• CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).

• ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
• ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
• ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
• ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
• ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
• ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
• ACPI: sysfs: validate return type of _STR method (git-fixes).
• af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
• af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
• af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
• ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
• ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
• ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
• ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
• ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
• apparmor: fix possible NULL pointer dereference (stable-fixes).
• arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
• arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
• arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
• arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
• arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
• arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
• arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
• arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
• arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
• ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
• ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
• ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
• ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
• ASoC: tegra: Fix CBB error during probe() (git-fixes).
• ASoC: topology: Properly initialize soc_enum values (stable-fixes).
• ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
• ata: pata_macio: Use WARN instead of BUG (stable-fixes).
• blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
• blk-mq: add number of queue calc helper (bsc#1229034).
• blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
• blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
• blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
• blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
• blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
• Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
• Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
• Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
• Bluetooth: L2CAP: Fix deadlock (git-fixes).
• Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
• cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
• cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
• can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
• can: bcm: Remove proc entry when dev is unregistered (git-fixes).
• can: j1939: use correct function name in comment (git-fixes).
• can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
• cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
• ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
• char: xillybus: Check USB endpoints when probing device (git-fixes).
• clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
• clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
• clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
• cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
• crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
• crypto: virtio - Handle dataq logic with tasklet (git-fixes).
• crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
• crypto: xor - fix template benchmarking (git-fixes).
• devres: Initialize an uninitialized struct member (stable-fixes).
• driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
• driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
• driver core: Create __fwnode_link_del() helper function (git-fixes).
• driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
• driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
• driver core: Set deferred probe reason when deferred by driver core (git-fixes).
• drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
• Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
• Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
• drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
• drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
• drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
• drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
• drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
• drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
• drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
• drm/amd/display: Check denominator pbn_div before used (stable-fixes).
• drm/amd/display: Check gpio_id before used as array index (stable-fixes).
• drm/amd/display: Check HDCP returned status (stable-fixes).
• drm/amd/display: Check msg_id before processing transcation (stable-fixes).
• drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
• drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
• drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
• drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
• drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
• drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
• drm/amd/display: Spinlock before reading event (stable-fixes).
• drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
• drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
• drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
• drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
• drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
• drm/amdgpu: fix a possible null pointer dereference (git-fixes).
• drm/amdgpu: fix dereference after null check (stable-fixes).
• drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
• drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
• drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
• drm/amdgpu: fix overflowed array index read warning (stable-fixes).
• drm/amdgpu: Fix smatch static checker warning (stable-fixes).
• drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
• drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
• drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
• drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
• drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
• drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
• drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
• drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
• drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
• drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
• drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
• drm/amd/pm: check negtive return for table entries (stable-fixes).
• drm/amd/pm: check specific index for aldebaran (stable-fixes).
• drm/amd/pm: Fix negative array index read (stable-fixes).
• drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
• drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
• drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
• drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
• drm/amd/pm: fix uninitialized variable warning (stable-fixes).
• drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
• drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
• drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
• drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
• drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
• drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
• drm/meson: plane: Add error handling (stable-fixes).
• drm/msm/a5xx: disable preemption in submits by default (git-fixes).
• drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
• drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
• drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
• drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
• drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
• drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
• drm/msm: fix %s null argument error (git-fixes).
• drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
• drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
• drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
• drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
• drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
• drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
• exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
• fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
• filemap: remove use of wait bookmarks (bsc#1224085).
• firmware_loader: Block path traversal (git-fixes).
• fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
• fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
• fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
• genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
• genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
• genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
• genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
• genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
• genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
• genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
• gfs2: setattr_chown: Add missing initialization (git-fixes).
• HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
• HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
• hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
• hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
• hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
• hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
• hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
• hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
• hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
• hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
• i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
• i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
• i2c: isch: Add missed 'else' (git-fixes).
• i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
• i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
• i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
• i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
• IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
• IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
• iio: adc: ad7124: fix chip ID mismatch (git-fixes).
• iio: adc: ad7124: fix config comparison (git-fixes).
• iio: adc: ad7606: fix oversampling gpio array (git-fixes).
• iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
• iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
• iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
• iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
• iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
• Input: ilitek_ts_i2c - add report id message validation (git-fixes).
• Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
• Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
• Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
• ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
• ipmi:ssif: Improve detecting during probing (bsc#1228771)
• ipmi:ssif: Improve detecting during probing (bsc#1228771)
• jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
• kabi: add __nf_queue_get_refs() for kabi compliance.
• kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
• kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
• lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
• lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
• lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
• lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
• mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
• mailbox: rockchip: fix a typo in module autoloading (git-fixes).
• media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
• media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
• media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
• media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
• media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
• media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
• media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
• media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
• media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
• media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
• media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
• mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
• mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
• mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
• mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
• mtd: slram: insert break after errors in parsing the map (git-fixes).
• net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
• net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
• net: missing check virtio (git-fixes).
• net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
• nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
• NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
• NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
• NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
• NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
• NFS: Reduce use of uncached readdir (bsc#1226662).
• NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
• nilfs2: Constify struct kobj_type (git-fixes).
• nilfs2: determine empty node blocks as corrupted (git-fixes).
• nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
• nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
• nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
• nilfs2: fix state management in error path of log writing function (git-fixes).
• nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
• nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
• nilfs2: use default_groups in kobj_type (git-fixes).
• nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
• nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
• nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
• nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
• nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
• nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
• nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
• nvmet-tcp: do not continue for invalid icreq (git-fixes).
• nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
• nvmet-trace: avoid dereferencing pointer too early (git-fixes).
• ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
• ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
• ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
• ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
• PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
• PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
• PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
• PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
• PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
• PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
• PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
• PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
• PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
• pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
• PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
• PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
• PCI: Support BAR sizes up to 8TB (bsc#1231017)
• PCI: Wait for Link before restoring Downstream Buses (git-fixes).
• PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
• PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
• PCI: xilinx-nwl: Fix register misspelling (git-fixes).
• pcmcia: Use resource_size function on resource object (stable-fixes).
• pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
• pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
• PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
• platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
• platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
• platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
• power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
• power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
• power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
• power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
• RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
• RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
• RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
• RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
• RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
• RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
• RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
• RDMA/hns: Optimize hem allocation performance (git-fixes)
• RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
• RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
• RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
• RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
• RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
• Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
• Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes).
• Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes).
• Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes).
• rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
• scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
• scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
• scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
• scsi: lpfc: Fix overflow build issue (bsc#1229429).
• scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
• scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
• scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
• scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
• scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
• scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
• scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
• scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
• scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
• scsi: use block layer helpers to calculate num of queues (bsc#1229034).
• spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
• Squashfs: sanity check symbolic link size (git-fixes).
• staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
• thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
• tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
• tools/virtio: fix build (git-fixes).
• tpm: Clean up TPM space after command failure (git-fixes).
• tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
• tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
• udp: fix receiving fraglist GSO packets (git-fixes).
• uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
• usb: cdnsp: Fix incorrect usb_request status (git-fixes).
• USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
• usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
• usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
• usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
• usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
• usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
• usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
• usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
• usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
• usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
• usbip: Do not submit special requests twice (stable-fixes).
• usbnet: fix cyclical race on disconnect with work queue (git-fixes).
• usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
• usbnet: modern method to get random MAC (git-fixes).
• USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
• USB: serial: option: add MeiG Smart SRM825L (git-fixes).
• usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
• usb: uas: set host status byte on data completion error (git-fixes).
• usb: uas: set host status byte on data completion error (stable-fixes).
• USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
• usb: xhci: fix loss of data on Cadence xHC (git-fixes).
• vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
• vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
• virito: add APIs for retrieving vq affinity (bsc#1229034).
• virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
• virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
• virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
• virtiofs: forbid newlines in tags (bsc#1230591).
• virtio_net: checksum offloading handling fix (git-fixes).
• virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes).
• virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
• virtio: reenable config if freezing device failed (git-fixes).
• virtio/vsock: fix logic which reduces credit update messages (git-fixes).
• VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
• vsock/virtio: add support for device suspend/resume (git-fixes).
• vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
• vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
• vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
• watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
• wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
• wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
• wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
• wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
• wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
• wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
• wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
• wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
• wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
• wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
• wifi: rtw88: remove CPT execution branch never used (git-fixes).
• wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
• x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
• x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
• x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
• x86/xen: Convert comma to semicolon (git-fixes).
• xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
• xen: allow mapping ACPI data using a different physical address (bsc#1226003).
• xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
• xen: move checks for e820 conflicts further up (bsc#1226003).
• xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
• xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
• xen/swiotlb: fix allocated size (git-fixes).
• xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
• xen: use correct end address of kernel for conflict checking (bsc#1226003).
• xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
• xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
• xz: cleanup CRC32 edits from 2018 (git-fixes).

This update for wicked fixes the following issue:

• compat-suse: fix dummy interfaces configuration with `INTERFACETYPE=dummy` (bsc#1229555).

This update for rsyslog fixes the following issue:

• fix PreserveFQDN option before daemon is restarted (bsc#1231229)

This update for bash fixes the following issues:

• Load completion file eveh if a brace expansion is in the command line included (bsc#1227807).

This update for grub2 fixes the following issue:

• Fix out of memory error in loading loopback file (bsc#1230840).

SUSE-IU-2024:1229-1

This update for supportutils fixes the following issues:
Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210)

This update for python3-setuptools fixes the following issues:

• CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

This update for suse-build-key fixes the following issue:

• extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).

This update for xen fixes the following issues:

• CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
• CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)

• Update to Xen 4.17.5 security bug fix release (bsc#1027519)

This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

This update for glib2 fixes the following issues:

• Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

This update for buildah, docker fixes the following issues:
Changes in docker:

• CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
• CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
• CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
• CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)

• Update to Docker 25.0.6-ce. See upstream changelog online at
• Update to Docker 25.0.5-ce (bsc#1223409)

• Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916)
• Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855)

• Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180

• Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev

• Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)

• Buildah dropped cni support, require netavark instead (bsc#1221243)

• Remove obsolete requires libcontainers-image & libcontainers-storage

• Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846)

• Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP

This update for sles-release fixes the following issue:

• Increment Codestream lifecycle by 3 years.
• Set Product EOL date.

This update for dracut fixes the following issues:

• Version update with: * feat(systemd*) include systemd config files from /usr/lib/systemd (bsc#1228398). * fix(convertfs) error in conditional expressions (bsc#1228847).

This update for systemd fixes the following issues:

• CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

• Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
• Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
• Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

This update for glibc fixes the following issue:

• s390x: Fix segfault in wcsncmp (bsc#1228043).

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

• Make sure not to statically linked installed tools (bsc#1228787)
• MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
• Export asSolvable for YAST (bsc#1228420)
• Export CredentialManager for legacy YAST versions (bsc#1228420)
• Fix 4 typos in zypp.conf
• Fix typo in the geoip update pipeline (bsc#1228206)
• Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
• Removed dependency on external find program in the repo2solv tool
• Fix return value of repodata.add_solv()
• New SOLVER_FLAG_FOCUS_NEW flag
• Fix return value of repodata.add_solv() in the bindings
• Fix SHA-224 oid in solv_pgpvrfy
• Translation: updated .pot file.
• Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
• Fix int overflow in Provider
• Fix error reporting on repoindex.xml parse error (bsc#1227625)
• Keep UrlResolverPlugin API public
• Blacklist /snap executables for 'zypper ps' (bsc#1226014)
• Fix handling of buddies when applying locks (bsc#1225267)
• Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
• Show rpm install size before installing (bsc#1224771)
• Install zypp/APIConfig.h legacy include
• Update soname due to RepoManager refactoring and cleanup
• Workaround broken libsolv-tools-base requirements
• Strip ssl_clientkey from repo urls (bsc#1226030)
• Remove protobuf build dependency
• Lazily attach medium during refresh workflows (bsc#1223094)
• Refactor RepoManager and add Service workflows
• Let_readline_abort_on_Ctrl-C (bsc#1226493)
• packages: add '--system' to show @System packages (bsc#222971)
• Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

This update for libpcap fixes the following issues:

• CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
• CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)

This update for curl fixes the following issues:

• CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

This update for expat fixes the following issues:

• CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
• CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
• CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

This update for containerd fixes the following issues:

• Update to containerd v1.7.21
• CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
• CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)

This update for runc fixes the following issues:

• Update to runc v1.1.14
• CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)

SUSE-IU-2024:1106-1

This update for ca-certificates-mozilla fixes the following issues:

• Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020

• Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3

This update for dmidecode fixes the following issues:

• Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump

This update for util-linux fixes the following issues:

• agetty: Prevent login cursor escape (bsc#1194818).
• Document unexpected side effects of lazy destruction (bsc#1159034).
• Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
• agetty: Prevent login cursor escape (bsc#1194818).
• Document unexpected side effects of lazy destruction (bsc#1159034).
• Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).
• agetty: Prevent login cursor escape (bsc#1194818).
• Document unexpected side effects of lazy destruction (bsc#1159034).
• Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285).

This update for openssl-1_1 fixes the following issues:

• CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)

• Build with no-afalgeng (bsc#1226463)

This update for cloud-regionsrv-client contains the following fixes:

• Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file

• Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking

This update for grub2 fixes the following issues:

• Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124)
• Fix error in grub-install when root is on tmpfs (bsc#1226100)
• Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
• Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226)

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:

• CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
• CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958).
• CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
• CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702).
• CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
• CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
• CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
• CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
• CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
• CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
• CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
• CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
• CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
• CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
• CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
• CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
• CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
• CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
• CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
• CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571).
• CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555).
• CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
• CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
• CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
• CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
• CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071).
• CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
• CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
• CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
• CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869).
• CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
• CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
• CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
• CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
• CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
• CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
• CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
• CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
• CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
• CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
• CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
• CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
• CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
• CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
• CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
• CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
• CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
• CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
• CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
• CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
• CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
• CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
• CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
• CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
• CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
• CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
• CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
• CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
• CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
• CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
• CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
• CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
• CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072).
• CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323).
• CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
• CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
• CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
• CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
• CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
• CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810).
• CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013).
• CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
• CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
• CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
• CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
• CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
• CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
• CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
• CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
• CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
• CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
• CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
• CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
• CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
• CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
• CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
• CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
• CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
• CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
• CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
• CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
• CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
• CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
• CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
• CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
• CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
• CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
• CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
• CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
• CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
• CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
• CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
• CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
• CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
• CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
• CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
• CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
• CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
• CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
• CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
• CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
• CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
• CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
• CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
• CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585).
• CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
• CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557).
• CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
• CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
• CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
• CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
• CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
• CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
• CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
• CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
• CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
• CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
• CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
• CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
• CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
• CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
• CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
• CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
• CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
• CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
• CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
• CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
• CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
• CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
• CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
• CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
• CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
• CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
• CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
• CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
• CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
• CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
• CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
• CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
• CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
• CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
• CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
• CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
• CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
• CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
• CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
• CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
• CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
• CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
• CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
• CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
• CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
• CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
• CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
• CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
• CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
• CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
• CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
• CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
• CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
• CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
• CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
• CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
• CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
• CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
• CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
• CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
• CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
• CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
• CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
• CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
• CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
• CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
• CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
• CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
• CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
• CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
• CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103).
• CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
• CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
• CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
• CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
• CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
• CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
• CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
• CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
• CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722).
• CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
• CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
• CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
• CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732).
• CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
• CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
• CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
• CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
• CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
• CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
• CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
• CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
• CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
• CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
• CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
• CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
• CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
• CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
• CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
• CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
• CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
• CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
• CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
• CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
• CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
• CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
• CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
• CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
• CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
• CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
• CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
• CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
• CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
• CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
• CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
• CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
• CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
• CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
• CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
• CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
• CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
• CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
• CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
• CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
• CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
• CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
• CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
• CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
• CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580).
• CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
• CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
• CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
• CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
• CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
• CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626).
• CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
• CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
• CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
• CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
• CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
• CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
• CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
• CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
• CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
• CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
• CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
• CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
• CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
• CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
• CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).

• acpi: EC: Abort address space access upon error (stable-fixes).
• acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
• acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
• acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
• acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
• acpi: x86: Force StorageD3Enable on more products (stable-fixes).
• acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
• acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes).
• alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
• alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes).
• alsa: emux: improve patch ioctl data validation (stable-fixes).
• alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes).
• alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
• alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
• alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
• alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
• alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
• alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
• alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
• alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
• alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
• alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
• alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
• alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
• alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
• alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
• alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
• alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
• alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
• alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
• alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
• alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
• alsa: timer: Set lower bound of start tick time (stable-fixes).
• alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
• alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
• alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
• alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
• alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
• arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
• arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
• arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
• arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
• arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
• arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
• arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
• arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
• arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
• arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
• arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
• arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
• arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
• arm64/io: add constant-argument check (bsc#1226502 git-fixes)
• arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
• asoc: amd: acp: add a null check for chip_pdev structure (git-fixes).
• asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
• asoc: amd: Adjust error handling in case of absent codec device (git-fixes).
• asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
• asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes).
• asoc: max98088: Check for clk_prepare_enable() error (git-fixes).
• asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
• asoc: rt715-sdca: volume step modification (stable-fixes).
• asoc: rt715: add vendor clear control register (stable-fixes).
• asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
• asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes).
• ata: ahci: Clean up sysfs file on error (git-fixes).
• ata: libata-core: Fix double free on error (git-fixes).
• ata: libata-core: Fix null pointer dereference on error (git-fixes).
• batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
• batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
• blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
• block, loop: support partitions without scanning (bsc#1227162).
• block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
• bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
• bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
• bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
• bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
• bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
• Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
• bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
• bnxt_re: Fix imm_data endianness (git-fixes)
• bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
• bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
• bpf: allow precision tracking for programs with subprogs (bsc#1225903).
• bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
• bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
• bpf: correct loop detection for iterators convergence (bsc#1225903).
• bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
• bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
• bpf: exact states comparison for iterator convergence checks (bsc#1225903).
• bpf: extract __check_reg_arg() utility function (bsc#1225903).
• bpf: extract same_callsites() as utility function (bsc#1225903).
• bpf: extract setup_func_entry() utility function (bsc#1225903).
• bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
• bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
• bpf: Fix memory leaks in __check_func_call (bsc#1225903).
• bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
• bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
• bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
• bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
• bpf: improve precision backtrack logging (bsc#1225903).
• bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
• bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
• bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
• bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
• bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
• bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
• bpf: print full verifier states on infinite loop detection (bsc#1225903).
• bpf: regsafe() must not skip check_ids() (bsc#1225903).
• bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
• bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
• bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
• bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
• bpf: states_equal() must build idmap for all function frames (bsc#1225903).
• bpf: stop setting precise in current state (bsc#1225903).
• bpf: support precision propagation in the presence of subprogs (bsc#1225903).
• bpf: take into account liveness when propagating precision (bsc#1225903).
• bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
• bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
• bpf: use check_ids() for active_lock comparison (bsc#1225903).
• bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
• bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
• bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
• bpf: widening for callback iterators (bsc#1225903).
• btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
• btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
• btrfs: harden identification of a stale device (bsc#1227162).
• btrfs: match stale devices by dev_t (bsc#1227162).
• btrfs: remove the cross file system checks from remap (bsc#1227157).
• btrfs: use dev_t to match device in device_matched (bsc#1227162).
• btrfs: validate device maj:min during open (bsc#1227162).
• bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
• cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
• cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
• can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
• can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
• ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
• ceph: always check dir caps asynchronously (bsc#1226022).
• ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
• ceph: break the check delayed cap loop every 5s (bsc#1226022).
• ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
• ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
• cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
• cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
• cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
• cgroup: preserve KABI of cgroup_root (bsc#1222254).
• cgroup: Remove unnecessary list_empty() (bsc#1222254).
• cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
• check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN .
• checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
• cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
• cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
• crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
• crypto: ecdh - explicitly zeroize private_key (stable-fixes).
• crypto: ecdsa - Fix the public key format description (git-fixes).
• crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
• crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
• csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
• decompress_bunzip2: fix rare decompression failure (git-fixes).
• devres: Fix devm_krealloc() wasting memory (git-fixes).
• devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
• dma: fix call order in dmam_free_coherent (git-fixes).
• dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
• dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
• docs: crypto: async-tx-api: fix broken code example (git-fixes).
• docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
• drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
• drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
• drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
• drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
• drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
• drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
• drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
• drm/amd/display: Check for NULL pointer (stable-fixes).
• drm/amd/display: Check index msg_id before read or write (stable-fixes).
• drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
• drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
• drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
• drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
• drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
• drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
• drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
• drm/amd/pm: remove logically dead code for renoir (git-fixes).
• drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
• drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
• drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
• drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
• drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
• drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
• drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
• drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
• drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
• drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
• drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
• drm/amdgpu: Update BO eviction priorities (stable-fixes).
• drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
• drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
• drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
• drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
• drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
• drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
• drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
• drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
• drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
• drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
• drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
• drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
• drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
• drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
• drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
• drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
• drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
• drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
• drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
• drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
• drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
• drm/komeda: check for error-valued pointer (git-fixes).
• drm/lima: add mask irq callback to gp and pp (stable-fixes).
• drm/lima: fix shared irq handling on driver remove (stable-fixes).
• drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
• drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
• drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
• drm/meson: fix canvas release in bind function (git-fixes).
• drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
• drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
• drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
• drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
• drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
• drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
• drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
• drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
• drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
• drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
• drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
• drm/nouveau: prime: fix refcount underflow (git-fixes).
• drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
• drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
• drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
• drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
• drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
• drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
• drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
• drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
• drm/qxl: Add check for drm_cvt_mode (git-fixes).
• drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
• drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
• drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
• drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
• drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
• drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
• drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
• drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
• eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
• exfat: check if cluster num is valid (git-fixes).
• exfat: simplify is_valid_cluster() (git-fixes).
• filelock: add a new locks_inode_context accessor function (git-fixes).
• firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
• firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
• firmware: cs_dsp: Return error if block header overflows file (git-fixes).
• firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
• firmware: cs_dsp: Validate payload length before processing block (git-fixes).
• firmware: dmi: Stop decoding on broken entry (stable-fixes).
• firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
• firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
• firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
• fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
• ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
• fuse: verify {g,u}id mount options correctly (bsc#1228191).
• gpio: davinci: Validate the obtained number of IRQs (git-fixes).
• gpio: mc33880: Convert comma to semicolon (git-fixes).
• gpio: tqmx86: fix typo in Kconfig label (git-fixes).
• gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
• gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
• hfsplus: fix to avoid false alarm of circular locking (git-fixes).
• hfsplus: fix uninit-value in copy_name (git-fixes).
• hid: Add quirk for Logitech Casa touchpad (stable-fixes).
• hid: core: remove unnecessary WARN_ON() in implement() (git-fixes).
• hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
• hid: wacom: Modify pen IDs (git-fixes).
• hpet: Support 32-bit userspace (git-fixes).
• hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
• hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
• hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
• hwmon: (shtc1) Fix property misspelling (git-fixes).
• i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
• i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
• i2c: mark HostNotify target address as used (git-fixes).
• i2c: ocores: set IACK bit after core is enabled (git-fixes).
• i2c: rcar: bring hardware to known state when probing (git-fixes).
• i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
• i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
• i2c: testunit: avoid re-issued work after read message (git-fixes).
• i2c: testunit: correct Kconfig description (git-fixes).
• i2c: testunit: discard write requests while old command is running (git-fixes).
• i2c: testunit: do not erase registers after STOP (git-fixes).
• iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
• iio: adc: ad7266: Fix variable checking bug (git-fixes).
• iio: adc: ad9467: fix scan type sign (git-fixes).
• iio: chemical: bme680: Fix calibration data variable (git-fixes).
• iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
• iio: chemical: bme680: Fix pressure value output (git-fixes).
• iio: chemical: bme680: Fix sensor data read operation (git-fixes).
• iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
• iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
• input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
• input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
• input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
• Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
• input: qt1050 - handle CHIP_ID reading error (git-fixes).
• input: silead - Always support 10 fingers (stable-fixes).
• intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
• intel_th: pci: Add Granite Rapids support (stable-fixes).
• intel_th: pci: Add Lunar Lake support (stable-fixes).
• intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
• intel_th: pci: Add Meteor Lake-S support (stable-fixes).
• intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
• iommu: mtk: fix module autoloading (git-fixes).
• iommu: Return right value in iommu_sva_bind_device() (git-fixes).
• iommu/amd: Fix sysfs leak in iommu init (git-fixes).
• iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
• ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
• ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
• jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
• jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
• jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
• kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
• kabi: bpf: callback fixes kABI workaround (bsc#1225903).
• kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
• kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903).
• kabi: rtas: Workaround false positive due to lost definition (bsc#1227487).
• kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
• kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
• kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
• kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
• kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
• kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
• kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
• kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
• kernel-binary: vdso: Own module_dir
• kernel-doc: fix struct_group_tagged() parsing (git-fixes).
• kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
• knfsd: LOOKUP can return an illegal error value (git-fixes).
• kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
• kprobes: Make arch_check_ftrace_location static (git-fixes).
• kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
• kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
• kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869).
• kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
• kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
• kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
• kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
• kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
• kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
• kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes).
• kvm: x86: Add IBPB_BRTYPE support (bsc#1228079).
• kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
• kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
• kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
• kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
• kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
• kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
• kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
• kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
• kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
• kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
• kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes).
• kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
• kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
• leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
• leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
• leds: triggers: Flush pending brightness before activating trigger (git-fixes).
• lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
• lib: objagg: Fix general protection fault (git-fixes).
• lib: objagg: Fix spelling (git-fixes).
• lib: test_objagg: Fix spelling (git-fixes).
• libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
• lockd: set missing fl_flags field when retrieving args (git-fixes).
• lockd: use locks_inode_context helper (git-fixes).
• Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
• media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
• media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
• media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
• media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
• media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
• media: dvbdev: Initialize sbuf (stable-fixes).
• media: dw2102: Do not translate i2c read into write (stable-fixes).
• media: dw2102: fix a potential buffer overflow (git-fixes).
• media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
• media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
• media: imon: Fix race getting ictx->lock (git-fixes).
• media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
• media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
• media: mxl5xx: Move xpt structures off stack (stable-fixes).
• media: radio-shark2: Avoid led_names truncations (git-fixes).
• media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
• media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
• media: uvcvideo: Override default flags (git-fixes).
• media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
• media: venus: fix use after free in vdec_close (git-fixes).
• media: venus: flush all buffers in output plane streamoff (git-fixes).
• mei: demote client disconnect warning on suspend to debug (stable-fixes).
• mei: me: release irq in mei_me_pci_resume error path (git-fixes).
• mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
• mkspec-dtb: add toplevel symlinks also on arm
• mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
• mmc: core: Do not force a retune before RPMB switch (stable-fixes).
• mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
• mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
• mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
• mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
• mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
• mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
• mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
• mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
• mmc: sdhci: Do not invert write-protect twice (git-fixes).
• mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
• mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
• mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
• mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
• mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
• net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
• net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
• net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
• net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
• net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
• net: mana: Fix possible double free in error handling path (git-fixes).
• net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
• net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
• net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
• net: usb: ax88179_178a: improve link status logs (git-fixes).
• net: usb: ax88179_178a: improve reset check (git-fixes).
• net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
• net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
• net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
• net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
• net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
• net/dcb: check for detached device before executing callbacks (bsc#1215587).
• net/mlx5e: Fix a race in command alloc flow (git-fixes).
• netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
• netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
• netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
• netfilter: conntrack: work around exceeded receive window (bsc#1223180).
• netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
• nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
• nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
• nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
• nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
• nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
• nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
• nfs: keep server info for remounts (git-fixes).
• nfs: Leave pages in the pagecache if readpage failed (git-fixes).
• nfsd enforce filehandle check for source file in COPY (git-fixes).
• nfsd: Add an nfsd_file_fsync tracepoint (git-fixes).
• nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
• nfsd: Add errno mapping for EREMOTEIO (git-fixes).
• nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes).
• nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
• nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
• nfsd: allow reaping files still under writeback (git-fixes).
• nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
• nfsd: Clean up nfsd_file_put() (git-fixes).
• nfsd: Clean up nfsd_open_verified() (git-fixes).
• nfsd: Clean up nfsd3_proc_create() (git-fixes).
• nfsd: Clean up unused code after rhashtable conversion (git-fixes).
• nfsd: Convert filecache to rhltable (git-fixes).
• nfsd: Convert the filecache to use rhashtable (git-fixes).
• nfsd: De-duplicate hash bucket indexing (git-fixes).
• nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
• nfsd: do not fsync nfsd_files on last close (git-fixes).
• nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
• nfsd: do not kill nfsd_files because of lease break error (git-fixes).
• nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
• nfsd: do not take/put an extra reference when putting a file (git-fixes).
• nfsd: Ensure nf_inode is never dereferenced (git-fixes).
• nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
• nfsd: Fix licensing header in filecache.c (git-fixes).
• nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
• nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
• nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes).
• nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
• nfsd: Fix the filecache LRU shrinker (git-fixes).
• nfsd: fix up the filecache laundrette scheduling (git-fixes).
• nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
• nfsd: Flesh out a documenting comment for filecache.c (git-fixes).
• nfsd: handle errors better in write_ports_addfd() (git-fixes).
• nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
• nfsd: Leave open files out of the filecache LRU (git-fixes).
• nfsd: map EBADF (git-fixes).
• nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
• nfsd: nfsd_file_hash_remove can compute hashval (git-fixes).
• nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
• nfsd: nfsd_file_put() can sleep (git-fixes).
• nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
• nfsd: No longer record nf_hashval in the trace log (git-fixes).
• nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
• nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes).
• nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
• nfsd: Record number of flush calls (git-fixes).
• nfsd: Refactor __nfsd_file_close_inode() (git-fixes).
• nfsd: Refactor nfsd_create_setattr() (git-fixes).
• nfsd: Refactor nfsd_file_gc() (git-fixes).
• nfsd: Refactor nfsd_file_lru_scan() (git-fixes).
• nfsd: Refactor NFSv3 CREATE (git-fixes).
• nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes).
• nfsd: Remove do_nfsd_create() (git-fixes).
• nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
• nfsd: Remove nfsd_file::nf_hashval (git-fixes).
• nfsd: remove the pages_flushed statistic from filecache (git-fixes).
• nfsd: reorganize filecache.c (git-fixes).
• nfsd: Replace the 'init once' mechanism (git-fixes).
• nfsd: Report average age of filecache items (git-fixes).
• nfsd: Report count of calls to nfsd_file_acquire() (git-fixes).
• nfsd: Report count of freed filecache items (git-fixes).
• nfsd: Report filecache LRU size (git-fixes).
• nfsd: Report the number of items evicted by the LRU walk (git-fixes).
• nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
• nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
• nfsd: rework refcounting in filecache (git-fixes).
• nfsd: Separate tracepoints for acquire and create (git-fixes).
• nfsd: Set up an rhashtable for the filecache (git-fixes).
• nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
• nfsd: simplify per-net file cache management (git-fixes).
• nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
• nfsd: simplify the delayed disposal list code (git-fixes).
• nfsd: Trace filecache LRU activity (git-fixes).
• nfsd: Trace filecache opens (git-fixes).
• nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
• nfsd: verify the opened dentry after setting a delegation (git-fixes).
• nfsd: WARN when freeing an item still linked via nf_lru (git-fixes).
• nfsd: Write verifier might go backwards (git-fixes).
• nfsd: Zero counters when the filecache is re-initialized (git-fixes).
• nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362)
• nfsv4: Fixup smatch warning for ambiguous return (git-fixes).
• nilfs2: add missing check for inode numbers on directory entries (git-fixes).
• nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
• nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
• nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
• nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
• nilfs2: fix inode number range checks (git-fixes).
• nilfs2: fix inode number range checks (stable-fixes).
• nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
• nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
• nvme-auth: allow mixing of secret and hash lengths (git-fixes).
• nvme-auth: use transformed key size to create resp (git-fixes).
• nvme-multipath: find NUMA path only for online numa-node (git-fixes).
• nvme-pci: add missing condition check for existence of mapped data (git-fixes).
• nvme-pci: Fix the instructions for disabling power management (git-fixes).
• nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
• nvme: avoid double free special payload (git-fixes).
• nvme: ensure reset state check ordering (bsc#1215492).
• nvme: find numa distance only if controller has valid numa id (git-fixes).
• nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
• nvme: use ctrl state accessor (bsc#1215492).
• nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
• nvmet-passthru: propagate status from id override functions (git-fixes).
• nvmet: always initialize cqe.result (git-fixes).
• nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
• ocfs2: adjust enabling place for la window (bsc#1219224).
• ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
• ocfs2: fix sparse warnings (bsc#1219224).
• ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
• ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
• ocfs2: speed up chain-list searching (bsc#1219224).
• ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
• orangefs: fix out-of-bounds fsid access (git-fixes).
• pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
• pci: Clear Secondary Status errors after enumeration (bsc#1226928)
• pci: Extend ACS configurability (bsc#1228090).
• pci: Fix resource double counting on remove & rescan (git-fixes).
• pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
• pci: Introduce cleanup helpers for device reference counts and locks (git-fixes).
• pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
• pci: keystone: Do not enable BAR 0 for AM654x (git-fixes).
• pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
• pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
• pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
• pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
• pci/aspm: Update save_state when configuration changes (bsc#1226915)
• pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
• pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
• pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
• pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
• pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
• pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
• pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
• pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
• pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
• pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
• pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
• pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
• pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
• pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
• platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
• platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
• platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
• platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
• platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
• platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
• platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes).
• platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
• platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
• power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
• powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
• powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
• powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
• powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
• powerpc/rtas: clean up includes (bsc#1227487).
• powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
• pwm: stm32: Always do lazy disabling (git-fixes).
• random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
• ras/amd/atl: Fix MI300 bank hash (bsc#1225300).
• ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
• rdma/cache: Release GID table even if leak is detected (git-fixes)
• rdma/device: Return error earlier if port in not valid (git-fixes)
• rdma/hns: Check atomic wr length (git-fixes)
• rdma/hns: Fix incorrect sge nums calculation (git-fixes)
• rdma/hns: Fix insufficient extend DB for VFs. (git-fixes)
• rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
• rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
• rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
• rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes)
• rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
• rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
• rdma/irdma: Drop unused kernel push code (git-fixes)
• rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
• rdma/mana_ib: Ignore optional access flags for MRs (git-fixes).
• rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
• rdma/mlx4: Fix truncated output warning in mad.c (git-fixes)
• rdma/mlx5: Add check for srq max_sge attribute (git-fixes)
• rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
• rdma/restrack: Fix potential invalid address access (git-fixes)
• rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
• regmap-i2c: Subtract reg size from max_write (stable-fixes).
• regulator: bd71815: fix ramp values (git-fixes).
• regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes).
• regulator: irq_helpers: duplicate IRQ name (stable-fixes).
• regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
• Revert 'Add remote for nfs maintainer'
• Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783).
• Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783).
• Revert 'build initrd without systemd' (bsc#1195775)'.
• Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes).
• Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes).
• rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
• rpm/guards: fix precedence issue with control flow operator
• rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
• rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211)
• rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2.
• rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5
• rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
• rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
• rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
• rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
• s390: Implement __iowrite32_copy() (bsc#1226502)
• s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
• saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
• sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
• sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
• sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
• scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
• scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
• scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
• scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
• scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
• scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
• scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
• scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
• scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
• scsi: qla2xxx: Complete command early within lock (bsc#1228850).
• scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
• scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
• scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
• scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
• scsi: qla2xxx: Fix flash read failure (bsc#1228850).
• scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
• scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
• scsi: qla2xxx: Indent help text (bsc#1228850).
• scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
• scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
• scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
• scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
• scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
• scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
• scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
• scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
• selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
• selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
• selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
• selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
• selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
• selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
• selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
• selftests/bpf: fix __retval() being always ignored (bsc#1225903).
• selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
• selftests/bpf: make test_align selftest more robust (bsc#1225903).
• selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
• selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
• selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
• selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
• selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
• selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
• selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
• selftests/bpf: test widening for iterating callbacks (bsc#1225903).
• selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
• selftests/bpf: tests for iterating callbacks (bsc#1225903).
• selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
• selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
• selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
• selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
• selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
• selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
• smb: client: ensure to try all targets when finding nested links (bsc#1224020).
• smb: client: guarantee refcounted children from parent session (bsc#1224679.
• soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
• soundwire: cadence: fix invalid PDI offset (stable-fixes).
• spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
• spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
• spi: stm32: Do not warn about spurious interrupts (git-fixes).
• string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
• sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
• sunrpc: Fix gss_free_in_token_pages() (git-fixes).
• sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
• sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
• sunrpc: return proper error from gss_wrap_req_priv (git-fixes).
• supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
• supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
• supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
• tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
• tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
• tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
• tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
• tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
• tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
• tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
• tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
• tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
• tpm, tpm: Implement usage counter for locality (bsc#1082555).
• tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
• tpm: Prevent hwrng from activating during resume (bsc#1082555).
• tracing: Build event generation tests only as modules (git-fixes).
• tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
• tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
• tracing/osnoise: Add osnoise/options file (bsc#1228330)
• tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
• tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
• tracing/osnoise: Make osnoise_instances static (bsc#1228330)
• tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
• tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
• tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
• tracing/timerlat: Notify new max thread latency (bsc#1228330)
• tty: mcf: MCF54418 has 10 UARTS (git-fixes).
• usb-storage: alauda: Check whether the media is initialized (git-fixes).
• usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
• usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
• usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
• usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
• usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
• usb: cdns3: improve handling of unaligned address case (git-fixes).
• usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
• usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
• usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
• usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
• usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
• usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
• usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
• usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
• usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
• usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
• usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
• usb: gadget: printer: fix races against disable (git-fixes).
• usb: gadget: printer: SS+ support (stable-fixes).
• usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
• usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
• usb: serial: mos7840: fix crash on resume (git-fixes).
• usb: serial: option: add Fibocom FM350-GL (stable-fixes).
• usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
• usb: serial: option: add Rolling RW350-GL variants (stable-fixes).
• usb: serial: option: add support for Foxconn T99W651 (stable-fixes).
• usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
• usb: serial: option: add Telit generic core-dump composition (stable-fixes).
• usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
• usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
• usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
• usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
• usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
• usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
• usb: xhci-plat: Do not include xhci.h (git-fixes).
• usb: xhci-plat: fix legacy PHY double init (git-fixes).
• usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
• usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
• usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
• watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
• watchdog: bd9576: Drop 'always-running' property (git-fixes).
• wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
• wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
• wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
• wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
• wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
• wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
• wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
• wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
• wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
• wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
• wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
• wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
• wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
• wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
• wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
• wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
• wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
• wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
• wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
• wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
• wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
• wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
• wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
• wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
• wifi: mwifiex: Fix interface type change (git-fixes).
• wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
• wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
• wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
• wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
• wifi: wilc1000: fix ies_len type in connect path (git-fixes).
• workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
• workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
• x.509: Fix the parser of extended key usage for length (bsc#1218820).
• x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
• x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
• x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
• x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
• x86/bugs: Remove default case for fully switched enums (bsc#1227900).
• x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
• x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
• x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
• x86/mce: Dynamically size space for machine check records (bsc#1222241).
• x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
• x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
• x86/purgatory: Switch to the position-independent small code model (git-fixes).
• x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
• x86/srso: Remove 'pred_cmd' label (bsc#1227900).
• x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
• x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
• xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
• xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
• xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
• xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
• xhci: Fix failure to detect ring expansion need (git-fixes).
• xhci: fix matching completion events with TDs (git-fixes).
• xhci: Fix transfer ring expansion size calculation (git-fixes).
• xhci: Handle TD clearing for multiple streams case (git-fixes).
• xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
• xhci: restre deleted trb fields for tracing (git-fixes).
• xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
• xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
• xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
• xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
• xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
• xhci: update event ring dequeue pointer position to controller correctly (git-fixes).

This update for pam fixes the following issue:

• Prevent cursor escape from the login prompt (bsc#1194818).

SUSE-IU-2024:845-1

This update for xen fixes the following issues:

• CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984).
• CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).

This update for shadow fixes the following issues:

• CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

This update for python-urllib3 fixes the following issues:

• CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)

This update for wicked fixes the following issues:

• Update to version 0.6.76
• compat-suse: warn user and create missing parent config of infiniband children
• client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
• ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
• wireless: add frequency-list in station mode (jsc#PED-8715)
• client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
• man: add supported bonding options to ifcfg-bonding(5) man page
• arputil: Document minimal interval for getopts
• man: (re)generate man pages from md sources
• client: warn on interface wait time reached
• compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces
• compat-suse: fix infiniband and infiniband child type detection from ifname

This update for Public Cloud fixes the following issues:

• Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below)

• python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067)

• python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075)

This update for dracut fixes the following issues:

• Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690)

This update for suseconnect-ng fixes the following issues:

• Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107)

This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6.

This update for runc fixes the following issues:

• Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13
• Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960)

This update for shadow fixes the following issues:

• Fixed not copying of skel files (bsc#1228770)

This update for bind fixes the following issues:
Update to 9.16.50:

• Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones.
• Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258)

This update for python-azure-agent fixes the following issue:

• The agent service gets restarted in post but may fail due to a missing config file. config files were split into their own package previously. When we detect that we have to restore a config file we also need to restart the agent again (bsc#1227600).

SUSE-IU-2024:674-1

This update for containerd fixes the following issues:

• Revert the noarch change for devel subpackage

This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5.
This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.

This update for libxml2 fixes the following issues:

• CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

This update for krb5 fixes the following issues:

• CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
• CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

This update for xfsprogs fixes the following issue:

• xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150)

This update for oniguruma fixes the following issues:

• CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).

This update for suse-build-key fixes the following issue:

• Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key

This update for python3 fixes the following issues:

• CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
• CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
• CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
• CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

This update for suse-build-key fixes the following issue:

• fixed syntax error in auto import shell script (bsc#1227681)

SUSE-IU-2024:583-1

This update for Libreoffice fixes the following issue:
libreoffice was updated from version 7.6.2.1 to 24.2.1.2 (jsc#PED-7496, jsc#PED-8096):

• Highlights of changes up to version 24.2.1.2 are listed in the following release notes:

• Update bundled dependencies:

• New bundled dependencies:

• New required dependencies:

• Build Libreoffice using OpenSSL instead of NSS, since the bundled curl does not support the NSS backend any more