SUSE-SU-2023:0394-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20230394-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0394-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:0394-1
Related
Published
2023-02-13T09:10:27Z
Modified
2023-02-13T09:10:27Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRVCTLIOCTLELEM{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
  • CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
  • CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
  • CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
  • CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).

The following non-security bugs were fixed:

  • ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
  • ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
  • ACPI: PRM: Check whether EFI runtime is available (git-fixes).
  • ACPICA: Allow addressspacehandler Install and _REG execution as 2 separate steps (bsc#1207149).
  • ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
  • ALSA: control-led: use strscpy in setledid() (git-fixes).
  • ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
  • ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
  • ALSA: hda/realtek - Turn on power early (git-fixes).
  • ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
  • ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
  • ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
  • ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
  • ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
  • ALSA: hda/via: Avoid potential array out-of-bound in addsecretdac_path() (git-fixes).
  • ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
  • ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
  • ALSA: pcm: Move rwsem lock inside sndctlelem_read to prevent UAF (git-fixes).
  • ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
  • ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
  • ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
  • ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
  • ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
  • ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
  • ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
  • ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
  • ARM: imx: add missing ofnodeput() (git-fixes).
  • ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
  • ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
  • ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
  • ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
  • ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
  • ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
  • ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
  • Bluetooth: Fix possible deadlock in rfcommskstate_change (git-fixes).
  • Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
  • Documentation: Remove bogus claim about deltimersync() (git-fixes).
  • HID: betop: check shape of output reports (git-fixes).
  • HID: betop: check shape of output reports (git-fixes, bsc#1207186).
  • HID: check empty reportlist in bigbenprobe() (git-fixes).
  • HID: check empty reportlist in hidvalidate_values() (git-fixes).
  • HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
  • HID: intelish-hid: Add check for ishtpdmatxmap (git-fixes).
  • HID: playstation: sanity check DualSense calibration data (git-fixes).
  • HID: revert CHERRYMOUSE000C quirk (git-fixes).
  • IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
  • IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
  • IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
  • IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
  • IB/hfi1: Reserve user expected TIDs (git-fixes)
  • IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
  • KVM: x86: Check for existing Hyper-V vCPU in kvmhvvcpu_init() (bsc#1206616).
  • PCI/PM: Define pcirestorestandardconfig() only for CONFIGPM_SLEEP (bsc#1207269).
  • PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
  • RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
  • RDMA/core: Fix ib block iterator counter overflow (git-fixes)
  • RDMA/mlx5: Fix mlx5ibgethwstats when used for device (git-fixes)
  • RDMA/mlx5: Fix validation of maxrdatomic caps for DC (git-fixes)
  • RDMA/rxe: Prevent faulty rkey generation (git-fixes)
  • RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
  • Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes).
  • Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes).
  • Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
  • Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
  • Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes).
  • Revert 'wifi: mac80211: fix memory leak in ieee80211ifadd()' (git-fixes).
  • SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
  • SUNRPC: Use BIT() macro in rpcshowxprt_state() (git-fixes).
  • USB: gadget: Fix use-after-free during usb config switch (git-fixes).
  • USB: misc: iowarrior: fix up header size for USBDEVICEIDCODEMERCSIOW100 (git-fixes).
  • USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
  • USB: serial: option: add Quectel EC200U modem (git-fixes).
  • USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
  • USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
  • USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
  • USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
  • USB: serial: option: add Quectel EM05CN modem (git-fixes).
  • VMCI: Use threaded irqs instead of tasklets (git-fixes).
  • arm64: atomics: format whitespace consistently (git-fixes).
  • arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
  • arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
  • arm64: dts: imx8mm: Fix pad control for UART1DTERX (git-fixes).
  • arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
  • arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
  • arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
  • arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
  • arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
  • ata: libata: Fix satadownspd_limit() when no link speed is reported (git-fixes).
  • ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
  • bcache: fix setatmaxwritebackrate() for multiple attached devices (git-fixes).
  • bfq: fix use-after-free in bfqdispatchrequest (git-fixes).
  • bfq: fix waker_bfqq inconsistency crash (git-fixes).
  • blk-throttle: prevent overflow while calculating wait time (git-fixes).
  • blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
  • blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
  • block, bfq: do not move oom_bfqq (git-fixes).
  • block, bfq: fix null pointer dereference in bfqbiobfqg() (git-fixes).
  • block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
  • block, bfq: fix uaf for bfqq in bfqexiticq_bfqq (git-fixes).
  • block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
  • block/bfq_wf2q: correct weight to ioprio (git-fixes).
  • block/bio: remove duplicate append pages code (git-fixes).
  • block: check minor range in deviceadddisk() (git-fixes).
  • block: ensure iov_iter advances for added pages (git-fixes).
  • block: fix infinite loop for invalid zone append (git-fixes).
  • block: mq-deadline: Fix ddfinishrequest() for zoned devices (git-fixes).
  • block: use bdevgetqueue() in bio.c (git-fixes).
  • bnx2x: fix pci device refcount leak in bnx2xvfispciepending() (git-fixes).
  • bnxten: Fix possible crash in bnxthwrmsetcoal() (git-fixes).
  • bnxten: Remove debugfs when pciregister_driver failed (git-fixes).
  • bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
  • bnxten: fix potentially incorrect return value for ndorxflowsteer (git-fixes).
  • bnxt_en: fix the handling of PCIE-AER (git-fixes).
  • bnxten: refactor bnxtcancel_reservations() (git-fixes).
  • btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
  • btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
  • btrfs: avoid logging all directory changes during renames (bsc#1207263).
  • btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
  • btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
  • btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
  • btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
  • btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
  • btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
  • btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
  • btrfs: fix trace event name typo for FLUSHDELAYEDREFS (git-fixes).
  • btrfs: join running log transaction when logging new name (bsc#1207263).
  • btrfs: move QUOTAENABLED check to rescanshouldstop from btrfsqgrouprescanworker (bsc#1207158).
  • btrfs: pass the dentry to btrfslognew_name() instead of the inode (bsc#1207263).
  • btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
  • btrfs: put initial index value of a directory in a constant (bsc#1207263).
  • btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
  • btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
  • btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
  • btrfs: remove useless path release in the fast fsync path (bsc#1207263).
  • btrfs: remove write and wait of struct walk_control (bsc#1207263).
  • btrfs: stop copying old dir items when logging a directory (bsc#1207263).
  • btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
  • btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
  • btrfs: use single variable to track return value at btrfsloginode() (bsc#1207263).
  • bus: sunxi-rsb: Fix error handling in sunxirsbinit() (git-fixes).
  • can: j1939: fix errant WARNONONCE in j1939sessiondeactivate (git-fixes).
  • cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
  • cifs: do not query ifaces on smb1 mounts (git-fixes).
  • cifs: fix double free on failed kerberos auth (git-fixes).
  • cifs: fix file info setting in cifsopenfile() (git-fixes).
  • cifs: fix file info setting in cifsquerypath_info() (git-fixes).
  • cifs: fix potential memory leaks in session setup (bsc#1193629).
  • cifs: fix race in assemblenegcontexts() (bsc#1193629).
  • cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
  • cifs: protect access of TCPServerInfo::{dstaddr,hostname} (bsc#1193629).
  • cifs: remove redundant assignment to the variable match (bsc#1193629).
  • comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
  • config: arm64: Fix Freescale LPUART dependency (boo#1204063).
  • cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
  • cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
  • crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
  • dm btree: add a defensive bounds check to insert_at() (git-fixes).
  • dm cache: Fix ABBA deadlock between shrinkslab and dmcachemetadataabort (git-fixes).
  • dm cache: Fix UAF in destroy() (git-fixes).
  • dm cache: set needs_check flag after aborting metadata (git-fixes).
  • dm clone: Fix UAF in clone_dtr() (git-fixes).
  • dm integrity: Fix UAF in dmintegritydtr() (git-fixes).
  • dm integrity: clear the journal on suspend (git-fixes).
  • dm integrity: flush the journal on suspend (git-fixes).
  • dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
  • dm ioctl: prevent potential spectre v1 gadget (git-fixes).
  • dm raid: fix address sanitizer warning in raid_resume (git-fixes).
  • dm raid: fix address sanitizer warning in raid_status (git-fixes).
  • dm space map common: add bounds check to smlllookup_bitmap() (git-fixes).
  • dm thin: Fix ABBA deadlock between shrinkslab and dmpoolabortmetadata (git-fixes).
  • dm thin: Fix UAF in runtimersoftirq() (git-fixes).
  • dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
  • dm thin: resume even if in FAIL mode (git-fixes).
  • dm writecache: set a default MAXWRITEBACKJOBS (git-fixes).
  • dm: fix allocdax error handling in allocdev (git-fixes).
  • dm: requeue IO if mapping table not yet available (git-fixes).
  • dmaengine: Fix double increment of clientcount in dmachan_get() (git-fixes).
  • dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
  • dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
  • dmaengine: imx-sdma: Fix a possible memory leak in sdmatransferinit (git-fixes).
  • dmaengine: lgm: Move DT parsing after initialization (git-fixes).
  • dmaengine: tegra210-adma: fix global intr clear (git-fixes).
  • dmaengine: ti: k3-udma: Do conditional decrement of UDMACHANRTPEERBCNT_REG (git-fixes).
  • dmaengine: xilinxdma: call ofnodeput() when breaking out of foreachchildof_node() (git-fixes).
  • docs: Fix the docs build with Sphinx 6.0 (git-fixes).
  • driver core: Fix testasyncprobe_init saves device in wrong array (git-fixes).
  • drivers: net: xgene: disable napi when register irq failed in xgeneenetopen() (git-fixes).
  • drivers:md:fix a potential use-after-free bug (git-fixes).
  • drm/amd/display: Calculate outputcolorspace after pixel encoding adjustment (git-fixes).
  • drm/amd/display: Fix COLORSPACEYCBCR2020_TYPE matrix (git-fixes).
  • drm/amd/display: Fix set scaling doesn's work (git-fixes).
  • drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
  • drm/amd/display: fix issues with driver unload (git-fixes).
  • drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
  • drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
  • drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
  • drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
  • drm/i915/adlp: Fix typo for reference clock (git-fixes).
  • drm/i915/display: Check source height is > 0 (git-fixes).
  • drm/i915/gt: Reset twice (git-fixes).
  • drm/i915/selftest: fix intelselftestmodify_policy argument types (git-fixes).
  • drm/i915: Fix potential bit_17 double-free (git-fixes).
  • drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
  • drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
  • drm/msm/dp: do not complete dpauxcmdfifotx() if irq is not for aux transfer (git-fixes).
  • drm/msm: another fix for the headless Adreno GPU (git-fixes).
  • drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
  • drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
  • drm/virtio: Fix GEM handle creation UAF (git-fixes).
  • drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
  • dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
  • dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
  • dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
  • dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
  • dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
  • efi: fix potential NULL deref in efimemreserve_persistent (git-fixes).
  • efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
  • efi: rt-wrapper: Add missing include (git-fixes).
  • efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
  • ext4: Fixup pages without buffers (bsc#1205495).
  • extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
  • fbcon: Check font dimension limits (git-fixes).
  • fbdev: omapfb: avoid stack overflow warning (git-fixes).
  • firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
  • firmware: armscmi: Harden shared memory access in fetchnotification (git-fixes).
  • firmware: armscmi: Harden shared memory access in fetchresponse (git-fixes).
  • fpga: stratix10-soc: Fix return value check in s10opswrite_init() (git-fixes).
  • fs: remove _syncfilesystem (git-fixes).
  • ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
  • ftrace: Clean comments related to FTRACEOPSFLPERCPU (git-fixes).
  • git_sort: add usb-linus branch for gregkh/usb
  • gsmi: fix null-deref in gsmigetvariable (git-fixes).
  • hvnetvsc: Fix missed pagebuf entries in netvscdma_map/unmap() (git-fixes).
  • i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
  • i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
  • i40e: Disallow ip4 and ip6 l44bytes (git-fixes).
  • i40e: Fix error handling in i40einitmodule() (git-fixes).
  • i40e: Fix not setting default xps_cpus after reset (git-fixes).
  • igb: Allocate MSI-X vector when testing (git-fixes).
  • iio: adc: berlin2-adc: Add missing ofnodeput() in error path (git-fixes).
  • iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
  • iio: hid: fix the retval in accel3dcapture_sample (git-fixes).
  • iio: hid: fix the retval in gyro3dcapture_sample (git-fixes).
  • iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
  • iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
  • iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
  • iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
  • iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
  • iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
  • iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
  • iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
  • iio: imu: fxos8700: remove definition FXOS8700CTRLODR_MIN (git-fixes).
  • iio:adc:twl6030: Enable measurement of VAC (git-fixes).
  • iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
  • ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
  • ipmi:ssif: Increase the message retry time (bsc#1206459).
  • ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
  • ixgbevf: Fix resource leak in ixgbevfinitmodule() (git-fixes).
  • jbd2: use the correct print format (git-fixes).
  • kABI workaround for struct acpi_ec (bsc#1207149).
  • kABI: Preserve TRACEEVENTFL values (git-fixes).
  • kabi/severities: add mlx5 internal symbols
  • l2tp: Do not sleep and disable BH under writer-side skcallbacklock (git-fixes).
  • loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
  • md/raid5: Wait for MDSBCHANGE_PENDING in raid5d (git-fixes).
  • md: Flush workqueue mdrdevmiscwq in mdalloc() (git-fixes).
  • md: Notify sysfs synccompleted in mdreapsyncthread() (git-fixes).
  • md: protect mdunregisterthread from reentrancy (git-fixes).
  • mei: me: add meteor lake point M DID (git-fixes).
  • memory: atmel-sdramc: Fix missing clkdisableunprepare in atmelramcprobe() (git-fixes).
  • memory: mvebu-devbus: Fix missing clkdisableunprepare in mvebudevbusprobe() (git-fixes).
  • memory: tegra: Remove clients SID override programming (git-fixes).
  • misc: fastrpc: Do not remove map on createrprocess and devicerelease (git-fixes).
  • misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
  • mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
  • mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
  • mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
  • mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
  • mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
  • module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
  • mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
  • mt76: mt7921: avoid unnecessary spinlock/spinunlock in mt7921mcutxdoneevent (git-fixes).
  • nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
  • nbd: Fix hung when signal interrupts nbdstartdevice_ioctl() (git-fixes).
  • nbd: call genlunregisterfamily() first in nbd_cleanup() (git-fixes).
  • nbd: fix io hung while disconnecting device (git-fixes).
  • nbd: fix race between nbdallocconfig() and module removal (git-fixes).
  • net/mlx4: Check retval of mlx4bitmapinit (git-fixes).
  • net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
  • net/tg3: resolve deadlock in tg3resettask() during EEH (bsc#1207842).
  • net: cxgb3main: disable napi when bind qsets failed in cxgbup() (git-fixes).
  • net: ena: Fix error handling in ena_init() (git-fixes).
  • net: liquidio: release resources when liquidio driver open failed (git-fixes).
  • net: liquidio: simplify if expression (git-fixes).
  • net: macvlan: Use built-in RCU list checking (git-fixes).
  • net: macvlan: fix memory leaks of macvlancommonnewlink (git-fixes).
  • net: mdio: validate parameter addr in mdiobusgetphy() (git-fixes).
  • net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
  • net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
  • net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
  • net: tun: Fix memory leaks of napigetfrags (git-fixes).
  • net: tun: Fix use-after-free in tun_detach() (git-fixes).
  • net: tun: call napischeduleprep() to ensure we own a napi (git-fixes).
  • net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
  • net: usb: sr9700: Handle negative len (git-fixes).
  • net: wan: Add checks for NULL for utdm in undouhdlcinit and unmapsiregs (git-fixes).
  • netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
  • netrom: Fix use-after-free of a listening socket (git-fixes).
  • nilfs2: fix general protection fault in nilfsbtreeinsert() (git-fixes).
  • nullblk: fix ida error handling in nulladd_dev() (git-fixes).
  • octeontx2-af: Fix reference count issue in rvusdpinit() (jsc#SLE-24682).
  • octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
  • octeontx2-pf: Add check for devm_kcalloc (git-fixes).
  • octeontx2-pf: Fix potential memory leak in otx2inittc() (jsc#SLE-24682).
  • phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes).
  • phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes).
  • phy: rockchip-inno-usb2: Fix missing clkdisableunprepare() in rockchipusb2phypower_on() (git-fixes).
  • phy: ti: fix Kconfig warning and operator precedence (git-fixes).
  • pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
  • pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
  • platform/surface: aggregator: Add missing call to ssamrequestsync_free() (git-fixes).
  • platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
  • platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
  • platform/x86: dell-privacy: Fix SWCAMERALENS_COVER reporting (git-fixes).
  • platform/x86: dell-privacy: Only register SWCAMERALENS_COVER if present (git-fixes).
  • platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
  • platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
  • powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
  • powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
  • powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
  • powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
  • powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
  • powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
  • powerpc/vmlinux.lds: Ensure STRICTALIGNSIZE is at least page aligned (bsc#1194869).
  • powerpc: move _endrodata to cover arch read-only sections (bsc#1194869).
  • qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
  • r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
  • r8169: move rtlwolenablerx() and rtlpreparepowerdown() (git-fixes).
  • regulator: da9211: Use irq handler when ready (git-fixes).
  • s390/qeth: fix various format strings (git-fixes).
  • sched/core: Fix archscalefreq_tick() on tickless systems (git-fixes)
  • sched/core: Introduce schedasymcpucap_active() (git-fixes)
  • sched/cpuset: Fix dlcpubusy() panic due to empty (git-fixes)
  • sched/deadline: Merge dltaskcanattach() and dlcpu_busy() (git-fixes)
  • sched/tracing: Report TASKRTLOCKWAIT tasks as (git-fixes)
  • sched/uclamp: Make asymfitscapacity() use utilfitscpu() (git-fixes)
  • sched: Avoid double preemption in _condresched_lock() (git-fixes)
  • scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSISCANTARGET_PRESENT' (git-fixes).
  • scsi: core: Fix a race between scsidone() and scsitimeout() (git-fixes).
  • scsi: efct: Fix possible memleak in efctdeviceinit() (git-fixes).
  • scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
  • scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
  • scsi: fcoe: Fix transport not deattached when fcoeifinit() fails (git-fixes).
  • scsi: hpsa: Fix allocation size for scsihostalloc() (git-fixes).
  • scsi: hpsa: Fix error handling in hpsaaddsas_host() (git-fixes).
  • scsi: hpsa: Fix possible memory leak in hpsaaddsas_device() (git-fixes).
  • scsi: hpsa: Fix possible memory leak in hpsainitone() (git-fixes).
  • scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
  • scsi: mpi3mr: Refer CONFIGSCSIMPI3MR in Makefile (git-fixes).
  • scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportport_add() (git-fixes).
  • scsi: mpt3sas: Remove scsidmamap() error messages (git-fixes).
  • scsi: scsidebug: Fix a warning in respreport_zones() (git-fixes).
  • scsi: scsidebug: Fix a warning in respverify() (git-fixes).
  • scsi: scsidebug: Fix a warning in respwrite_scat() (git-fixes).
  • scsi: scsidebug: Fix possible name leak in sdebugaddhosthelper() (git-fixes).
  • scsi: snic: Fix possible UAF in snictgtcreate() (git-fixes).
  • scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
  • scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
  • scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
  • scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
  • scsi: ufs: core: Enable link lost interrupt (git-fixes).
  • sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
  • selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
  • selftests: Provide local define of _cpuidcount() (git-fixes).
  • serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
  • serial: atmel: fix incorrect baudrate setup (git-fixes).
  • serial: pchuart: Pass correct sg to dmaunmap_sg() (git-fixes).
  • sfc: fix potential memleak in _ef100hardstartxmit() (git-fixes).
  • soc: imx8m: Fix incorrect check for ofclkgetbyname() (git-fixes).
  • spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
  • staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
  • staging: vchiqarm: fix enum vchiqstatus return types (git-fixes).
  • swim3: add missing major.h include (git-fixes).
  • tcp: prohibit TCPREPAIROPTIONS if data was already sent (git-fixes).
  • thermal/core: Remove duplicate information when an error occurs (git-fixes).
  • thunderbolt: Do not call PM runtime functions in tbretimerscan() (git-fixes).
  • thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
  • thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
  • tick/nohz: Use WARNONONCE() to prevent console saturation.
  • tick/sched: Fix non-kernel-doc comment (git-fixes).
  • tomoyo: fix broken dependency on *.conf.default (git-fixes).
  • tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
  • tracing/hist: Fix issue of losting command info in error_log (git-fixes).
  • tracing/hist: Fix out-of-bound write on 'actiondata.varref_idx' (git-fixes).
  • tracing/hist: Fix wrong return value in parseactionparams() (git-fixes).
  • tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
  • tracing/perf: Avoid -Warray-bounds warning for _relloc macro (git-fixes).
  • tracing/probes: Handle system names with hyphens (git-fixes).
  • tracing: Add '_relloc' using trace event macros (git-fixes).
  • tracing: Add DYNAMIC flag for dynamic events (git-fixes).
  • tracing: Add traceevent helper macros _stringlen() and _assignstrlen() (git-fixes).
  • tracing: Avoid -Warray-bounds warning for _relloc macro (git-fixes).
  • tracing: Do not use out-of-sync va_list in event printing (git-fixes).
  • tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
  • tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
  • tracing: Fix complicated dependency of CONFIGTRACERMAX_TRACE (git-fixes).
  • tracing: Fix infinite loop in tracingreadpipe on overflowed printtraceline (git-fixes).
  • tracing: Fix issue of missing one synthetic field (git-fixes).
  • tracing: Fix mismatched comment in _stringlen (git-fixes).
  • tracing: Fix possible memory leak in _createsynth_event() error path (git-fixes).
  • tracing: Fix race where histograms can be called before the event (git-fixes).
  • tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
  • tracing: Fix tpprintk option related with tpprintkstopon_boot (git-fixes).
  • tracing: Fix warning on variable 'struct trace_array' (git-fixes).
  • tracing: Have TRACEDEFINEENUM affect trace event types as well (git-fixes).
  • tracing: Have syscall trace events use traceeventbufferlockreserve() (git-fixes).
  • tracing: Have type enum modifications copy the strings (git-fixes).
  • tracing: Make tp_printk work on syscall tracepoints (git-fixes).
  • tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
  • tracing: incorrect isolatemotet cast in mmvmscanlru_isolate (git-fixes).
  • tty: fix possible null-ptr-defer in spkttyiorelease (git-fixes).
  • tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
  • usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
  • usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
  • usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
  • usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
  • usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
  • usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
  • usb: gadget: ffs: Ensure ep0req is dequeued before freerequest (git-fixes).
  • usb: gadget: ffs: Fix unbalanced spinlock in _ffsep0queue_wait (git-fixes).
  • usb: gadget: ffs: Prevent race during ffsep0queuewait (git-fixes).
  • usb: gadget: fncm: fix potential NULL ptr deref in ncmbitrate() (git-fixes).
  • usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
  • usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
  • usb: gadget: udc: core: Print error code in usbgadgetprobe_driver() (git-fixes).
  • usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
  • usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
  • usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
  • usb: host: ehci-fsl: Fix module alias (git-fixes).
  • usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
  • usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
  • usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
  • usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
  • vcscreen: move load of struct vcdata pointer in vcs_read() to avoid UAF (git-fixes).
  • vfs: make syncfilesystem return errors from ->syncfs (git-fixes).
  • virtio-blk: modify the value type of num in virtioqueuerq() (git-fixes).
  • virtio-net: correctly enable callback during start_xmit (git-fixes).
  • virtio_pci: modify ENOENT to EINVAL (git-fixes).
  • w1: fix WARNING after calling w1_process() (git-fixes).
  • w1: fix deadloop in _w1removemasterdevice() (git-fixes).
  • wait: Fix _waitevent_hrtimeout for RT/DL tasks (git-fixes)
  • watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
  • watchdog: diag288wdt: fix _diag288() inline assembly (bsc#1207497).
  • wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
  • wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
  • wifi: mt76: mt7921: add mt7921mutexacquire at mt7921stasetdecapoffload (git-fixes).
  • wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
  • wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
  • wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
  • wifi: rndiswlan: Prevent buffer overflow in rndisquery_oid (git-fixes).
  • x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
  • x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
  • xfs: Fix unreferenced object reported by kmemleak in xfssysfsinit() (git-fixes).
  • xfs: fix incorrect error-out in xfs_remove (git-fixes).
  • xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
  • xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
  • xfs: fix memory leak in xfserrortaginit (git-fixes).
  • xfs: get rid of assert from xfsbtreeislastblock (git-fixes).
  • xfs: get root inode correctly at bulkstat (git-fixes).
  • xfs: initialize the check_owner object fully (git-fixes).
  • xfs: prevent a WARNONCE() in xfsiocattrlist() (git-fixes).
  • xfs: reject crazy array sizes being fed to XFSIOCGETBMAP* (git-fixes).
  • xfs: return errors in xfsfssync_fs (git-fixes).
  • xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
  • xhci-pci: set the dma maxsegsize (git-fixes).
  • xhci: Fix null pointer dereference when host dies (git-fixes).
  • zram: Delete patch for regression addressed (bsc#1207933).
  • zram: do not lookup algorithm in backends table (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP4 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.34.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-devel": "5.14.21-150400.14.34.1",
            "kernel-devel-azure": "5.14.21-150400.14.34.1",
            "kernel-syms-azure": "5.14.21-150400.14.34.1",
            "kernel-source-azure": "5.14.21-150400.14.34.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP4 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.34.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-devel": "5.14.21-150400.14.34.1",
            "kernel-devel-azure": "5.14.21-150400.14.34.1",
            "kernel-syms-azure": "5.14.21-150400.14.34.1",
            "kernel-source-azure": "5.14.21-150400.14.34.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP4 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.34.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-devel": "5.14.21-150400.14.34.1",
            "kernel-devel-azure": "5.14.21-150400.14.34.1",
            "kernel-syms-azure": "5.14.21-150400.14.34.1",
            "kernel-source-azure": "5.14.21-150400.14.34.1"
        }
    ]
}

openSUSE:Leap 15.4 / kernel-azure

Package

Name
kernel-azure
Purl
pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.34.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-devel-azure": "5.14.21-150400.14.34.1",
            "dlm-kmp-azure": "5.14.21-150400.14.34.1",
            "cluster-md-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-extra": "5.14.21-150400.14.34.1",
            "gfs2-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-optional": "5.14.21-150400.14.34.1",
            "kernel-azure-devel": "5.14.21-150400.14.34.1",
            "kernel-azure": "5.14.21-150400.14.34.1",
            "kselftests-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-syms-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-livepatch-devel": "5.14.21-150400.14.34.1",
            "ocfs2-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-source-azure": "5.14.21-150400.14.34.1"
        }
    ]
}

openSUSE:Leap 15.4 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.34.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-devel-azure": "5.14.21-150400.14.34.1",
            "dlm-kmp-azure": "5.14.21-150400.14.34.1",
            "cluster-md-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-extra": "5.14.21-150400.14.34.1",
            "gfs2-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-optional": "5.14.21-150400.14.34.1",
            "kernel-azure-devel": "5.14.21-150400.14.34.1",
            "kernel-azure": "5.14.21-150400.14.34.1",
            "kselftests-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-syms-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-livepatch-devel": "5.14.21-150400.14.34.1",
            "ocfs2-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-source-azure": "5.14.21-150400.14.34.1"
        }
    ]
}

openSUSE:Leap 15.4 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.34.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-devel-azure": "5.14.21-150400.14.34.1",
            "dlm-kmp-azure": "5.14.21-150400.14.34.1",
            "cluster-md-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-extra": "5.14.21-150400.14.34.1",
            "gfs2-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-optional": "5.14.21-150400.14.34.1",
            "kernel-azure-devel": "5.14.21-150400.14.34.1",
            "kernel-azure": "5.14.21-150400.14.34.1",
            "kselftests-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-syms-azure": "5.14.21-150400.14.34.1",
            "kernel-azure-livepatch-devel": "5.14.21-150400.14.34.1",
            "ocfs2-kmp-azure": "5.14.21-150400.14.34.1",
            "kernel-source-azure": "5.14.21-150400.14.34.1"
        }
    ]
}