SUSE-SU-2023:2141-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:2141-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:2141-1
Related
Published
2023-05-09T12:29:44Z
Modified
2023-05-09T12:29:44Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
  • CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
  • CVE-2023-23006: Fixed NULL checking against ISERR in drdomaininitresources (bsc#1208845).
  • CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
  • CVE-2023-2176: A vulnerability was found in comparenetdevand_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
  • CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
  • CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
  • CVE-2023-1855: Fixed a use after free in xgenehwmonremove (bsc#1210202).
  • CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150chargerremove (bsc#1210329).
  • CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
  • CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
  • CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
  • CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).

The following non-security bugs were fixed:

  • ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
  • ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
  • ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
  • ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
  • ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
  • ALSA: firewire-tascam: add missing unwind goto in sndtscmstreamstartduplex() (git-fixes).
  • ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
  • ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
  • ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
  • ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
  • ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
  • ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
  • ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
  • ALSA: hda/sigmatel: fix S/PDIF out on Intel D45 motherboards (git-fixes).
  • ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
  • ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
  • ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
  • ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
  • ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
  • ARM: dts: gta04: fix excess dma channel usage (git-fixes).
  • ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
  • ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
  • ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
  • ASN.1: Fix check for strdup() success (git-fixes).
  • ASoC: cs35l41: Only disable internal boost (git-fixes).
  • ASoC: es8316: Handle optional IRQ assignment (git-fixes).
  • ASoC: fslasrcdma: fix potential null-ptr-deref (git-fixes).
  • ASoC: fslmqs: move ofnode_put() to the correct location (git-fixes).
  • Add 42a11bf5c543 cgroup/cpuset: Make cpusetfork() handle CLONEINTO_CGROUP properly
  • Add eee878537941 cgroup/cpuset: Add cpusetcanfork() and cpusetcancelfork() methods
  • Bluetooth: Fix race condition in hidpsessionthread (git-fixes).
  • Bluetooth: L2CAP: Fix use-after-free in l2capdisconnect{req,rsp} (git-fixes).
  • Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
  • IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
  • Input: hpsdcrtc - mark an unused function as _maybeunused (git-fixes).
  • Input: raspberrypi-ts - fix refcount leak in rpitsprobe (git-fixes).
  • KEYS: Add missing function documentation (git-fixes).
  • KEYS: Create static version of publickeyverify_signature (git-fixes).
  • NFS: Cleanup unused rpc_clnt variable (git-fixes).
  • NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
  • NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
  • PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
  • PCI: dwc: Fix PORTLINKCONTROL update when CDM check enabled (git-fixes).
  • PCI: imx6: Install the fault handler only on compatible match (git-fixes).
  • PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
  • PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
  • PCI: pciehp: Fix AB-BA deadlock between resetlock and devicelock (git-fixes).
  • PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
  • RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
  • RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
  • RDMA/irdma: Add ipv4 check to irdmafindlistener() (git-fixes)
  • RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
  • RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
  • Remove obsolete KMP obsoletes (bsc#1210469).
  • Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
  • Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
  • USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
  • USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
  • USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
  • USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
  • USB: serial: option: add Telit FE990 compositions (git-fixes).
  • USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
  • amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
  • arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
  • arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
  • arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
  • arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
  • arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
  • arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
  • arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
  • arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
  • arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
  • arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
  • arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
  • arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
  • arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
  • arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
  • arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
  • bluetooth: Perform careful capability checks in hcisockioctl() (git-fixes).
  • cgroup/cpuset: Wake up cpusetattachwq tasks in cpusetcancelattach() (bsc#1210827).
  • cifs: fix negotiate context parsing (bsc#1210301).
  • clk: add missing ofnodeput() in 'assigned-clocks' property parsing (git-fixes).
  • clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
  • clk: rockchip: rk3399: allow clkcifout to force clkcifout_src to reparent (git-fixes).
  • clk: sprd: set max_register according to mapping range (git-fixes).
  • clocksource/drivers/davinci: Fix memory leak in davincitimerregister when init fails (git-fixes).
  • cpufreq: CPPC: Fix build error without CONFIGACPICPPCCPUFREQFIE (bsc#1210953).
  • cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
  • cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
  • crypto: caam - Clear some memory in instantiate_rng (git-fixes).
  • crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
  • crypto: sa2ul - Select CRYPTO_DES (git-fixes).
  • crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
  • driver core: Do not require dynamicdebug for initcalldebug probe timing (git-fixes).
  • drivers: staging: rtl8723bs: Fix locking in rtwjointimeouthandler() (git-fixes).
  • drivers: staging: rtl8723bs: Fix locking in rtwscantimeout_handler() (git-fixes).
  • drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
  • drm/amd/display: Fix potential null dereference (git-fixes).
  • drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
  • drm/armada: Fix a potential double free in an error handling path (git-fixes).
  • drm/bridge: adv7533: Fix adv7533modevalid for adv7533 and adv7535 (git-fixes).
  • drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
  • drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
  • drm/fb-helper: set x/yresvirtual in drmfbhelpercheck_var (git-fixes).
  • drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
  • drm/i915: Fix fast wake AUX sync len (git-fixes).
  • drm/i915: Make intelgetcrtcnewencoder() less oopsy (git-fixes).
  • drm/i915: fix race condition UAF in i915perfaddconfigioctl (git-fixes).
  • drm/lima/limadrv: Add missing unwind goto in limapdev_probe() (git-fixes).
  • drm/msm/adreno: drop bogus pmruntimeset_active() (git-fixes).
  • drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
  • drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
  • drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
  • drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
  • drm/probe-helper: Cancel previous job before starting new one (git-fixes).
  • drm/rockchip: Drop unbalanced obj unref (git-fixes).
  • drm/vgem: add missing mutex_destroy (git-fixes).
  • drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
  • drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
  • drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
  • dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
  • dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
  • dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
  • dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
  • dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
  • dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
  • e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
  • efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
  • ext4: Fix deadlock during directory rename (bsc#1210763).
  • ext4: Fix possible corruption when moving a directory (bsc#1210763).
  • ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
  • ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
  • ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
  • ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
  • ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
  • ext4: fix incorrect options show of original mountopt and extend mountopt2 (bsc#1210764).
  • ext4: fix possible double unlock when moving a directory (bsc#1210763).
  • ext4: use ext4journalstart/stop for fast commit transactions (bsc#1210793).
  • fbmem: Reject FBACTIVATEKD_TEXT from userspace (git-fixes).
  • firmware: qcom_scm: Clear download bit during reboot (git-fixes).
  • firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
  • fpga: bridge: fix kernel-doc parameter description (git-fixes).
  • hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
  • hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
  • hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
  • i2c: cadence: cdnsi2cmaster_xfer(): Fix runtime PM leak on error path (git-fixes).
  • i2c: hisi: Avoid redundant interrupts (git-fixes).
  • i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
  • i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
  • i915/perf: Replace DRMDEBUG with driver specific drmdbg call (git-fixes).
  • ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
  • iio: adc: at91-sama5d2adc: fix an error code in at91adcallocatetrigger() (git-fixes).
  • iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
  • ipmi: fix SSIF not responding under certain cond (git-fixes).
  • ipmi:ssif: Add send_retries increment (git-fixes).
  • k-m-s: Drop Linux 2.6 support
  • kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
  • kABI: x86/msi: Fix msi message data shadow struct (kabi).
  • kabi/severities: ignore KABI for NVMe target (bsc#1174777).
  • keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
  • locking/rwbase: Mitigate indefinite writer starvation.
  • media: av7110: prevent underflow in writetsto_decoder() (git-fixes).
  • media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
  • media: max9286: Free control handler (git-fixes).
  • media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
  • media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
  • media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
  • media: venus: dec: Fix handling of the start cmd (git-fixes).
  • memstick: fix memory leak if card device is never registered (git-fixes).
  • mm/filemap: fix page end in filemapgetread_batch (bsc#1210768).
  • mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
  • mm: take a page reference when removing device exclusive entries (bsc#1211025).
  • mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
  • mmc: sdhciam654: Set HIGHSPEED_ENA for SDR12 and SDR25 (git-fixes).
  • mtd: core: fix error path for nvmem provider (git-fixes).
  • mtd: core: fix nvmem error reporting (git-fixes).
  • mtd: core: provide unique name for nvmem device, take two (git-fixes).
  • mtd: spi-nor: Fix a trivial typo (git-fixes).
  • net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
  • net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
  • nfsd: call oprelease, even when opfunc returns an error (git-fixes).
  • nilfs2: fix potential UAF of struct nilfsscinfo in nilfssegctorthread() (git-fixes).
  • nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
  • nvme initialize core quirks before calling nvmeinitsubsystem (git-fixes).
  • nvme-auth: uninitialized variable in nvmeauthtransform_key() (git-fixes).
  • nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
  • nvme-hwmon: consistently ignore errors from nvmehwmoninit (git-fixes).
  • nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
  • nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
  • nvme-pci: fix doorbell buffer value endianness (git-fixes).
  • nvme-pci: fix mempool alloc size (git-fixes).
  • nvme-pci: fix page size checks (git-fixes).
  • nvme-pci: fix timeout request state check (git-fixes).
  • nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
  • nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
  • nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
  • nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
  • nvme: Fix IOCPRCLEAR and IOCPRRELEASE ioctls for nvme devices (git-fixes).
  • nvme: add device name to warning in uuid_show() (git-fixes).
  • nvme: catch -ENODEV from nvmerevalidatezones again (git-fixes).
  • nvme: copy firmware_rev on each init (git-fixes).
  • nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
  • nvme: fix async event trace event (git-fixes).
  • nvme: fix handling single range discard request (git-fixes).
  • nvme: fix per-namespace chardev deletion (git-fixes).
  • nvme: fix the NVMECMDEFFECTSCSEMASK definition (git-fixes).
  • nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
  • nvme: improve the NVMECONNECTAUTHREQ* definitions (git-fixes).
  • nvme: move nvmemulticss into nvme.h (git-fixes).
  • nvme: return err on nvmeinitnonmdtslimits fail (git-fixes).
  • nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
  • nvme: set dma alignment to dword (git-fixes).
  • nvme: use commandid instead of req->tag in tracenvmecompleterq() (git-fixes).
  • nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
  • nvmet-tcp: fix incomplete data digest send (git-fixes).
  • nvmet-tcp: fix regression in data_digest calculation (git-fixes).
  • nvmet: add helpers to set the result field for connect commands (git-fixes).
  • nvmet: avoid potential UAF in nvmetreqcomplete() (git-fixes).
  • nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
  • nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
  • nvmet: fix Identify Active Namespace ID list handling (git-fixes).
  • nvmet: fix Identify Controller handling (git-fixes).
  • nvmet: fix Identify Namespace handling (git-fixes).
  • nvmet: fix a memory leak (git-fixes).
  • nvmet: fix a memory leak in nvmetauthset_key (git-fixes).
  • nvmet: fix a use-after-free (git-fixes).
  • nvmet: fix invalid memory reference in nvmetsubsysattrqidmax_show (git-fixes).
  • nvmet: force reconnect when number of queue changes (git-fixes).
  • nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
  • nvmet: only allocate a single slab for bvecs (git-fixes).
  • nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
  • perf/core: Fix perfoutputbegin parameter is incorrectly invoked in perfeventbpf_output (git fixes).
  • perf/core: Fix the same task check in perfeventset_output (git fixes).
  • perf: Fix check before addeventtogroups() in perfgroup_detach() (git fixes).
  • perf: fix perfeventcontext->time (git fixes).
  • platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
  • platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
  • power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
  • power: supply: generic-adc-battery: fix unit scaling (git-fixes).
  • powerpc/64: Always build with 128-bit long double (bsc#1194869).
  • powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
  • powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
  • powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
  • powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
  • powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
  • powerpc: declare unmodified attribute_group usages const (git-fixes).
  • regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
  • regulator: core: Consistently set mutexowner when using wwmutexlockslow() (git-fixes).
  • regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
  • regulator: fan53555: Explicitly include bits header (git-fixes).
  • regulator: fan53555: Fix wrong TCSSLEWMASK (git-fixes).
  • regulator: stm32-pwr: fix of_iomap leak (git-fixes).
  • remoteproc: Harden rprochandlevdev() against integer overflow (git-fixes).
  • remoteproc: imxrproc: Call ofnode_put() on iteration error (git-fixes).
  • remoteproc: st: Call ofnodeput() on iteration error (git-fixes).
  • remoteproc: stm32: Call ofnodeput() on iteration error (git-fixes).
  • rtc: meson-vrtc: Use ktimegetreal_ts64() to get the current time (git-fixes).
  • rtc: omap: include header for omaprtcpoweroffprogram prototype (git-fixes).
  • sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)).
  • sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)).
  • sched/fair: Move calculate of avg_load to a better location (bsc#1155798).
  • sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
  • sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
  • sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999).
  • schedgetaffinity: do not assume 'cpumasksize()' is fully initialized (bsc#1155798).
  • scsi: aic94xx: Add missing check for dmamapsingle() (git-fixes).
  • scsi: core: Add BLISTNOVPD_SIZE for some VDASD (git-fixes bsc#1203039)
  • scsi: core: Add BLISTSKIPVPD_PAGES for SKhynix H28U74301AMR (git-fixes).
  • scsi: core: Fix a procfs host directory removal regression (git-fixes).
  • scsi: core: Fix a source code comment (git-fixes).
  • scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
  • scsi: hisisas: Check devmadd_action() return value (git-fixes).
  • scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
  • scsi: ipr: Work around fortify-string warning (git-fixes).
  • scsi: iscsitcp: Check that sock is valid before iscsiset_param() (git-fixes).
  • scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
  • scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
  • scsi: kABI workaround for fchostfpin_rcv (git-fixes).
  • scsi: libsas: Remove useless devlist delete in sasexdiscoverend_dev() (git-fixes).
  • scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
  • scsi: lpfc: Check kzalloc() in lpfcsli4cgnparamsread() (git-fixes).
  • scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
  • scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
  • scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
  • scsi: lpfc: Drop redundant pcienablepcieerrorreporting() (bsc#1210943).
  • scsi: lpfc: Fix double word in comments (bsc#1210943).
  • scsi: lpfc: Fix ioremap issues in lpfcsli4pcimemsetup() (bsc#1210943).
  • scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
  • scsi: lpfc: Prevent lpfcdebugfslockstat_write() buffer overflow (bsc#1210943).
  • scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
  • scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
  • scsi: lpfc: Revise lpfcerrorlost_link() reason code evaluation logic (bsc#1210943).
  • scsi: lpfc: Silence an incorrect device output (bsc#1210943).
  • scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
  • scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
  • scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
  • scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
  • scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
  • scsi: mpt3sas: Fix NULL pointer access in mpt3sastransportport_add() (git-fixes).
  • scsi: mpt3sas: Fix a memory leak (git-fixes).
  • scsi: qla2xxx: Fix memory leak in qla2x00probeone() (git-fixes).
  • scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
  • scsi: scsidhalua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
  • scsi: scsitransportfc: Add an additional flag to fchostfpin_rcv() (bsc#1210943).
  • scsi: sd: Fix wrong zonewritegranularity value during revalidate (git-fixes).
  • scsi: ses: Do not attach if enclosure has no components (git-fixes).
  • scsi: ses: Fix possible addldescptr out-of-bounds accesses (git-fixes).
  • scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
  • scsi: ses: Fix slab-out-of-bounds in sesenclosuredata_process() (git-fixes).
  • scsi: ses: Fix slab-out-of-bounds in sesintfremove() (git-fixes).
  • scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
  • seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
  • selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
  • selftests: sigaltstack: fix -Wuninitialized (git-fixes).
  • selinux: ensure av_permissions.h is built when needed (git-fixes).
  • selinux: fix Makefile dependencies of flask.h (git-fixes).
  • serial: 8250: Add missing wakeup event reporting (git-fixes).
  • serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
  • serial: 8250exar: derive nrports from PCI ID for Acces I/O cards (git-fixes).
  • serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
  • signal handling: do not use BUG_ON() for debugging (bsc#1210439).
  • signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
  • signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
  • signal: HANDLEREXIT should clear SIGNALUNKILLABLE (bsc#1210816).
  • soc: ti: pm33xx: Fix refcount leak in am33xxpmprobe (git-fixes).
  • spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
  • spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
  • spi: qup: Do not skip cleanup in remove's error path (git-fixes).
  • staging: iio: resolver: ads1210: fix config mode (git-fixes).
  • staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
  • stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
  • sunrpc: only free unix grouplist after RCU settles (git-fixes).
  • tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
  • tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
  • udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
  • udf: Fix a slab-out-of-bounds write bug in udffindentry() (bsc#1206649).
  • udf: Support splicing to file (bsc#1210770).
  • usb: chipidea: fix missing goto in ci_hdrc_probe (git-fixes).
  • usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
  • usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
  • usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
  • usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
  • usb: gadget: udc: renesasusb3: Fix use after free bug in renesasusb3_remove due to race condition (git-fixes).
  • usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
  • virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
  • virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
  • virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
  • virt/coco/sev-guest: Convert the swexitinfo_2 checking to a switch-case (bsc#1209927).
  • virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
  • virt/coco/sev-guest: Remove the disablevmpck label in handleguest_request() (bsc#1209927).
  • virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
  • virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
  • virtioring: do not update event idx on getbuf (git-fixes).
  • vmcihost: fix a race condition in vmcihost_poll() causing GPF (git-fixes).
  • vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
  • wifi: ath5k: fix an off by one check in ath5keepromreadfreqlist() (git-fixes).
  • wifi: ath6kl: minor fix for allocation size (git-fixes).
  • wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
  • wifi: ath9k: hifusb: fix memory leak of remainskbs (git-fixes).
  • wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassoc_ies() (git-fixes).
  • wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
  • wifi: iwlwifi: debug: fix crash in _iwlerr() (git-fixes).
  • wifi: iwlwifi: fix duplicate entry in iwldevinfo_table (git-fixes).
  • wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
  • wifi: iwlwifi: fw: move memset before early return (git-fixes).
  • wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
  • wifi: iwlwifi: mvm: check firmware response size (git-fixes).
  • wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
  • wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
  • wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
  • wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
  • wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
  • wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
  • wifi: mac80211: adjust scan cancel comment/check (git-fixes).
  • wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
  • wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
  • wifi: mt76: handle failure of vzalloc in mt7615coredumpwork (git-fixes).
  • wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
  • wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
  • wifi: rtlwifi: fix incorrect error codes in rtldebugfssetwritereg() (git-fixes).
  • wifi: rtlwifi: fix incorrect error codes in rtldebugfssetwriterfreg() (git-fixes).
  • wifi: rtw88: mac: Return the original error from rtwmacpower_switch() (git-fixes).
  • wifi: rtw88: mac: Return the original error from rtwpwrseq_parser() (git-fixes).
  • wifi: rtw89: fix potential race condition between napiinit and napienable (git-fixes).
  • writeback, cgroup: fix null-ptr-deref write in bdisplitworktowbs (bsc#1210769).
  • x86/MCE/AMD: Fix memory leak when thresholdcreatebank() fails (git-fixes).
  • x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
  • x86/bug: Prevent shadowing in _WARNFLAGS (git-fixes).
  • x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
  • x86/entry: Avoid very early RET (git-fixes).
  • x86/entry: Do not call error_entry() for XENPV (git-fixes).
  • x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
  • x86/entry: Move PUSHANDCLEARREGS out of errorentry() (git-fixes).
  • x86/entry: Switch the stack after error_entry() returns (git-fixes).
  • x86/fpu: Prevent FPU state corruption (git-fixes).
  • x86/kvm: Preserve BSP MSRKVMPOLL_CONTROL across suspend/resume (git-fixes).
  • x86/msi: Fix msi message data shadow struct (git-fixes).
  • x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
  • x86/traps: Use ptregs directly in fixupbad_iret() (git-fixes).
  • x86/tsx: Disable TSX development mode at boot (git-fixes).
  • x86: _memcpyflushcache: fix wrong alignment if size > 2^32 (git-fixes).
  • xhci: fix debugfs register accesses while suspended (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP4 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.49.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-devel": "5.14.21-150400.14.49.1",
            "kernel-devel-azure": "5.14.21-150400.14.49.1",
            "kernel-syms-azure": "5.14.21-150400.14.49.1",
            "kernel-source-azure": "5.14.21-150400.14.49.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP4 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.49.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-devel": "5.14.21-150400.14.49.1",
            "kernel-devel-azure": "5.14.21-150400.14.49.1",
            "kernel-syms-azure": "5.14.21-150400.14.49.1",
            "kernel-source-azure": "5.14.21-150400.14.49.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP4 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.49.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-devel": "5.14.21-150400.14.49.1",
            "kernel-devel-azure": "5.14.21-150400.14.49.1",
            "kernel-syms-azure": "5.14.21-150400.14.49.1",
            "kernel-source-azure": "5.14.21-150400.14.49.1"
        }
    ]
}

openSUSE:Leap 15.4 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.49.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-devel-azure": "5.14.21-150400.14.49.1",
            "dlm-kmp-azure": "5.14.21-150400.14.49.1",
            "cluster-md-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-extra": "5.14.21-150400.14.49.1",
            "gfs2-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-optional": "5.14.21-150400.14.49.1",
            "kernel-azure-devel": "5.14.21-150400.14.49.1",
            "kernel-azure": "5.14.21-150400.14.49.1",
            "kselftests-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-syms-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-livepatch-devel": "5.14.21-150400.14.49.1",
            "ocfs2-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-source-azure": "5.14.21-150400.14.49.1"
        }
    ]
}

openSUSE:Leap 15.4 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.49.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-devel-azure": "5.14.21-150400.14.49.1",
            "dlm-kmp-azure": "5.14.21-150400.14.49.1",
            "cluster-md-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-extra": "5.14.21-150400.14.49.1",
            "gfs2-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-optional": "5.14.21-150400.14.49.1",
            "kernel-azure-devel": "5.14.21-150400.14.49.1",
            "kernel-azure": "5.14.21-150400.14.49.1",
            "kselftests-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-syms-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-livepatch-devel": "5.14.21-150400.14.49.1",
            "ocfs2-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-source-azure": "5.14.21-150400.14.49.1"
        }
    ]
}

openSUSE:Leap 15.4 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.14.49.1

Ecosystem specific

{
    "binaries": [
        {
            "reiserfs-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-devel-azure": "5.14.21-150400.14.49.1",
            "dlm-kmp-azure": "5.14.21-150400.14.49.1",
            "cluster-md-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-extra": "5.14.21-150400.14.49.1",
            "gfs2-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-optional": "5.14.21-150400.14.49.1",
            "kernel-azure-devel": "5.14.21-150400.14.49.1",
            "kernel-azure": "5.14.21-150400.14.49.1",
            "kselftests-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-syms-azure": "5.14.21-150400.14.49.1",
            "kernel-azure-livepatch-devel": "5.14.21-150400.14.49.1",
            "ocfs2-kmp-azure": "5.14.21-150400.14.49.1",
            "kernel-source-azure": "5.14.21-150400.14.49.1"
        }
    ]
}