SUSE-SU-2023:4414-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4414-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4414-1
Related
Published
2023-11-10T17:12:52Z
Modified
2023-11-10T17:12:52Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
  • CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
  • CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
  • CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
  • CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
  • CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
  • CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
  • CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
  • CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAPNETADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
  • CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
  • CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592)

The following non-security bugs were fixed:

  • 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
  • ACPI: irq: Fix incorrect return value in acpiregistergsi() (git-fixes).
  • ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
  • ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
  • ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
  • ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
  • ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
  • ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
  • ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
  • ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
  • ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
  • ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
  • ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
  • ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
  • ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
  • ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
  • ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
  • ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
  • ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
  • ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
  • ASoC: fsl: imx-pcm-rpmsg: Add SNDRVPCMINFO_BATCH flag (git-fixes).
  • ASoC: imx-rpmsg: Set ignorepmdowntime for dai_link (git-fixes).
  • ASoC: pxa: fix a memory leak in probe() (git-fixes).
  • Bluetooth: Avoid redundant authentication (git-fixes).
  • Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
  • Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
  • Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
  • Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
  • Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
  • Bluetooth: hcicodec: Fix leaking content of localcodecs (git-fixes).
  • Bluetooth: hci_event: Fix coding style (git-fixes).
  • Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
  • Bluetooth: hci_event: Ignore NULL link key (git-fixes).
  • Bluetooth: hcisock: Correctly bounds check and pad HCIMONNEWINDEX name (git-fixes).
  • Bluetooth: hcisock: fix slab oob read in createmonitor_event (git-fixes).
  • Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
  • Documentation: qat: change kernel version (PED-6401).
  • Documentation: qat: rewrite description (PED-6401).
  • Drivers: hv: vmbus: Call hvsynicfree() if hvsynicalloc() fails (git-fixes).
  • Drivers: hv: vmbus: Fix vmbuswaitfor_unload() to scan present CPUs (git-fixes).
  • Drop amdgpu patch causing spamming (bsc#1215523).
  • HID: holtek: fix slab-out-of-bounds Write in holtekkbdinput_event (git-fixes).
  • HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
  • HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
  • HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
  • HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
  • HID: sony: remove duplicate NULL check before calling usbfreeurb() (git-fixes).
  • IB/mlx4: Fix the size of a buffer in addportentries() (git-fixes)
  • Input: goodix - ensure int GPIO is in input for gpiocount == 1 && gpioint_idx == 0 case (git-fixes).
  • Input: powermate - fix use-after-free in powermateconfigcomplete (git-fixes).
  • Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
  • Input: xpad - add PXN V900 support (git-fixes).
  • KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
  • KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
  • KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
  • KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
  • KVM: x86: Fix clang -Wimplicit-fallthrough in dohostcpuid() (git-fixes).
  • KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
  • KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
  • KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
  • KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
  • KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
  • NFS: Fix O_DIRECT locking issues (bsc#1211162).
  • NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
  • NFS: Fix a potential data corruption (bsc#1211162).
  • NFS: Fix a use after free in nfsdirectjoin_group() (bsc#1211162).
  • NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
  • NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
  • NFS: More fixes for nfsdirectwriterescheduleio() (bsc#1211162).
  • NFS: Use the correct commit info in nfsjoinpage_group() (bsc#1211162).
  • NFSD: Never call nfsdfilegc() in foreground paths (bsc#1215545).
  • RDMA/cma: Fix truncation compilation warning in makecmaports (git-fixes)
  • RDMA/cma: Initialize ibsamulticast structure to 0 when join (git-fixes)
  • RDMA/core: Require admin capabilities to set system parameters (git-fixes)
  • RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
  • RDMA/mlx5: Fix NULL string error (git-fixes)
  • RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
  • RDMA/siw: Fix connection failure handling (git-fixes)
  • RDMA/srp: Do not call scsidone() from srpabort() (git-fixes)
  • RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
  • Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
  • Revert 'tty: ngsm: fix UAF in gsmcleanup_mux' (git-fixes).
  • USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
  • USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
  • USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
  • arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
  • ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
  • ata: libata-core: Fix ataportrequest_pm() locking (git-fixes).
  • ata: libata-core: Fix port and device removal (git-fixes).
  • ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
  • ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
  • blk-cgroup: Fix NULL deref caused by blkgpolicydata being installed before init (bsc#1216062).
  • blk-cgroup: support to track if policy is online (bsc#1216062).
  • bonding: Fix extraction of ports from the packet headers (bsc#1214754).
  • bonding: Return pointer to data after pull on skb (bsc#1214754).
  • bonding: do not assume skb mac_header is set (bsc#1214754).
  • bpf: Add copymapvalue_long to copy to remote percpu memory (git-fixes).
  • bpf: Add missing btfput to registerbtfiddtor_kfuncs (git-fixes).
  • bpf: Add override check to kprobe multi link attach (git-fixes).
  • bpf: Add zeromapvalue to zero map value with special fields (git-fixes).
  • bpf: Cleanup checkrefcountok (git-fixes).
  • bpf: Fix max stack depth check for async callbacks (git-fixes).
  • bpf: Fix offset calculation error in _copymapvalue and zeromap_value (git-fixes).
  • bpf: Fix refobjid for dynptr data slices in verifier (git-fixes).
  • bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
  • bpf: Fix subprog idx logic in checkmaxstack_depth (git-fixes).
  • bpf: Gate dynptr API behind CAP_BPF (git-fixes).
  • bpf: Prevent decltag from being referenced in funcproto arg (git-fixes).
  • bpf: Repeat checkmaxstack_depth for async callbacks (git-fixes).
  • bpf: Tighten ptrtobtf_id checks (git-fixes).
  • bpf: fix precision propagation verbose logging (git-fixes).
  • bpf: prevent decltag from being referenced in funcproto (git-fixes).
  • bpf: propagate precision across all frames, not just the last one (git-fixes).
  • bpf: propagate precision in ALU/ALU64 operations (git-fixes).
  • btf: Export bpf_dynptr definition (git-fixes).
  • btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
  • bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
  • bus: ti-sysc: Use fsleep() instead of usleeprange() in syscreset() (git-fixes).
  • ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
  • ceph: add encryption support to writepage and writepages (jsc#SES-1880).
  • ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
  • ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
  • ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
  • ceph: add new mount option to enable sparse reads (jsc#SES-1880).
  • ceph: add object version support for sync read (jsc#SES-1880).
  • ceph: add read/modify/write to cephsyncwrite (jsc#SES-1880).
  • ceph: add some fscrypt guardrails (jsc#SES-1880).
  • ceph: add support for encrypted snapshot names (jsc#SES-1880).
  • ceph: add support to readdir for encrypted names (jsc#SES-1880).
  • ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
  • ceph: align data in pages in cephsyncwrite (jsc#SES-1880).
  • ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
  • ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
  • ceph: decode alternate_name in lease info (jsc#SES-1880).
  • ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
  • ceph: drop messages from MDS when unmounting (jsc#SES-1880).
  • ceph: encode encrypted name in cephmdscbuild_path and dentry release (jsc#SES-1880).
  • ceph: fix incorrect revoked caps assert in cephfillfile_size() (bsc#1216322).
  • ceph: fix type promotion bug on 32bit systems (bsc#1216324).
  • ceph: fix updating itruncatepagecache_size for fscrypt (jsc#SES-1880).
  • ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
  • ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
  • ceph: implement -o testdummyencryption mount option (jsc#SES-1880).
  • ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
  • ceph: make cephfilltrace and cephgetname decrypt names (jsc#SES-1880).
  • ceph: make cephmsdcbuild_path use ref-walk (jsc#SES-1880).
  • ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
  • ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
  • ceph: make numfwd and numretry to __u32 (jsc#SES-1880).
  • ceph: mark directory as non-complete after loading key (jsc#SES-1880).
  • ceph: pass the request to parsereplyinfo_readdir() (jsc#SES-1880).
  • ceph: plumb in decryption during reads (jsc#SES-1880).
  • ceph: preallocate inode for ops that may create one (jsc#SES-1880).
  • ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
  • ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
  • ceph: send alternate_name in MClientRequest (jsc#SES-1880).
  • ceph: set DCACHENOKEYNAME flag in cephlookup/atomicopen() (jsc#SES-1880).
  • ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
  • ceph: switch cephlookup/atomicopen() to use new fscrypt helper (jsc#SES-1880).
  • ceph: use osdreqopextentosd_iter for netfs reads (jsc#SES-1880).
  • ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
  • ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
  • cgroup/cpuset: Change references of cpusetmutex to cpusetrwsem (bsc#1215955).
  • cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
  • clk: tegra: fix error return case for recalc_rate (git-fixes).
  • counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
  • crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
  • crypto: qat - Remove unused function declarations (PED-6401).
  • crypto: qat - add fw_counters debugfs file (PED-6401).
  • crypto: qat - add heartbeat counters check (PED-6401).
  • crypto: qat - add heartbeat feature (PED-6401).
  • crypto: qat - add internal timer for qat 4xxx (PED-6401).
  • crypto: qat - add measure clock frequency (PED-6401).
  • crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
  • crypto: qat - add qatzlibdeflate (PED-6401).
  • crypto: qat - add support for 402xx devices (PED-6401).
  • crypto: qat - change value of default idle filter (PED-6401).
  • crypto: qat - delay sysfs initialization (PED-6401).
  • crypto: qat - do not export adfinitadmin_pm() (PED-6401).
  • crypto: qat - drop log level of msg in getinstancenode() (PED-6401).
  • crypto: qat - drop obsolete heartbeat interface (PED-6401).
  • crypto: qat - drop redundant adfenableaer() (PED-6401).
  • crypto: qat - expose pmidleenabled through sysfs (PED-6401).
  • crypto: qat - extend buffer list logic interface (PED-6401).
  • crypto: qat - extend configuration for 4xxx (PED-6401).
  • crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
  • crypto: qat - fix concurrency issue when device state changes (PED-6401).
  • crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
  • crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
  • crypto: qat - make fw images name constant (PED-6401).
  • crypto: qat - make state machine functions static (PED-6401).
  • crypto: qat - move dbgfs init to separate file (PED-6401).
  • crypto: qat - move returns to default case (PED-6401).
  • crypto: qat - refactor device restart logic (PED-6401).
  • crypto: qat - refactor fw config logic for 4xxx (PED-6401).
  • crypto: qat - remove ADFSTATUSPF_RUNNING flag from probe (PED-6401).
  • crypto: qat - replace state machine calls (PED-6401).
  • crypto: qat - replace the if statement with min() (PED-6401).
  • crypto: qat - set deprecated capabilities as reserved (PED-6401).
  • crypto: qat - unmap buffer before free for DH (PED-6401).
  • crypto: qat - unmap buffers before free for RSA (PED-6401).
  • crypto: qat - update slice mask for 4xxx devices (PED-6401).
  • crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
  • dmaengine: idxd: use spinlockirqsave before waiteventlock_irq (git-fixes).
  • dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
  • dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
  • drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
  • drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
  • drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
  • drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
  • drm/amdgpu/nbio4.3: set proper rmmioremap.regoffset for SR-IOV (git-fixes).
  • drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
  • drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
  • drm/amdgpu: add missing NULL check (git-fixes).
  • drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
  • drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
  • drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
  • drm/atomic-helper: relax unregistered connector check (git-fixes).
  • drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
  • drm/i915/gt: Fix reservation address in ggttreserveguc_top (git-fixes).
  • drm/i915: Retry gtt fault when out of fence registers (git-fixes).
  • drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
  • drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
  • drm/msm/dpu: change dpuplanecalcbw() to use u64 to avoid overflow (git-fixes).
  • drm/msm/dsi: fix irqofparseandmap() error checking (git-fixes).
  • drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
  • drm/vmwgfx: fix typo of sizeof argument (git-fixes).
  • drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
  • firmware: armffa: Do not set the memory region attributes for MEMLEND (git-fixes).
  • firmware: imx-dsp: Fix an error handling path in imxdspsetup_channels() (git-fixes).
  • fprobe: Ensure running fprobeexithandler() finished before calling rethook_free() (git-fixes).
  • fscrypt: new helper function - fscryptpreparelookup_partial() (jsc#SES-1880).
  • gpio: aspeed: fix the GPIO number passed to pinctrlgpioset_config() (git-fixes).
  • gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
  • gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
  • gpio: tb10x: Fix an error handling path in tb10xgpioprobe() (git-fixes).
  • gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
  • gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
  • gve: Do not fully free QPL pages on prefill errors (git-fixes).
  • i2c: i801: unregister tcopdev in i801probe() error path (git-fixes).
  • i2c: mux: Avoid potential false error message in i2cmuxadd_adapter (git-fixes).
  • i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
  • i2c: mux: gpio: Add missing fwnodehandleput() (git-fixes).
  • i2c: mux: gpio:�Replace custom acpigetlocal_address() (git-fixes).
  • i2c: npcm7xx: Fix callback completion ordering (git-fixes).
  • ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
  • iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
  • iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
  • iio: pressure: ms5611: ms5611promis_valid false negative bug (git-fixes).
  • intel x86 platform vsec kABI workaround (bsc#1216202).
  • iouring/fs: remove sqe->rwflags checking from LINKAT (git-fixes).
  • io_uring/rw: defer fsnotify calls to task context (git-fixes).
  • iouring/rw: ensure kiocbend_write() is always called (git-fixes).
  • io_uring/rw: remove leftover debug statement (git-fixes).
  • io_uring: Replace 0-length array with flexible array (git-fixes).
  • iouring: ensure REQF_ISREG is set async offload (git-fixes).
  • io_uring: fix fdinfo sqe offsets calculation (git-fixes).
  • io_uring: fix memory leak when removing provided buffers (git-fixes).
  • iommu/amd/io-pgtable: Implement mappages iopgtable_ops callback (bsc#1212423).
  • iommu/amd/io-pgtable: Implement unmappages iopgtable_ops callback (bsc#1212423).
  • iommu/amd: Add map/unmappages() iommudomain_ops callback support (bsc#1212423).
  • iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
  • kABI: fix bpf Tighten-ptrtobtf_id checks (git-fixes).
  • kabi: blkcgpolicydata fix KABI (bsc#1216062).
  • kabi: workaround for enum nfttransphase (bsc#1215104).
  • kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
  • leds: Drop BUGON check for LEDCOLORIDMULTI (git-fixes).
  • libceph: add CEPHOSDOPASSERTVER support (jsc#SES-1880).
  • libceph: add new ioviter-based cephmsgdatatype and cephosddata_type (jsc#SES-1880).
  • libceph: add sparse read support to OSD client (jsc#SES-1880).
  • libceph: add sparse read support to msgr1 (jsc#SES-1880).
  • libceph: add spinlock around osd->o_requests (jsc#SES-1880).
  • libceph: allow cephosdcnew_request to accept a multi-op read (jsc#SES-1880).
  • libceph: define struct cephsparseextent and add some helpers (jsc#SES-1880).
  • libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
  • libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
  • libceph: use kernel_connect() (bsc#1216323).
  • mm, memcg: reconsider kmem.limitinbytes deprecation (bsc#1208788 bsc#1213705).
  • mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
  • mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
  • mmc: mtk-sd: Use readlpolltimeoutatomic in msdcreset_hw (git-fixes).
  • mtd: physmap-core: Restore map_rom fallback (git-fixes).
  • mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
  • mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
  • mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
  • mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
  • mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
  • net/sched: fix netdevice reference leaks in attachdefaultqdiscs() (git-fixes).
  • net: mana: Fix TX CQE error handling (bsc#1215986).
  • net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
  • net: nfc: llcp: Add lock when modifying device list (git-fixes).
  • net: rfkill: gpio: prevent value glitch during probe (git-fixes).
  • net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
  • net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
  • net: usb: dm9601: fix uninitialized variable use in dm9601mdioread (git-fixes).
  • net: usb: smsc75xx: Fix uninit-value access in _smsc75xxread_reg (git-fixes).
  • net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
  • net: use skistcp() in more places (git-fixes).
  • netfilter: nftables: add NFTTRANSPREPAREERROR to deal with bound set/chain (git-fixes).
  • netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
  • nfc: nci: assert requested protocol is valid (git-fixes).
  • nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
  • nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
  • nilfs2: fix potential use after free in nilfsgccachesubmitreaddata() (git-fixes).
  • nvme-fc: Prevent null pointer dereference in nvmefcio_getuuid() (bsc#1214842).
  • phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
  • phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
  • phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
  • pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
  • pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
  • platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
  • platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
  • platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
  • platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
  • platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
  • platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
  • platform/x86: asus-wmi: Change ASUSWMIBRN_DOWN code from 0x20 to 0x2e (git-fixes).
  • platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
  • platform/x86: think-lmi: Fix reference leak (git-fixes).
  • platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
  • power: supply: ucs1002: fix error code in ucs1002getproperty() (git-fixes).
  • quota: Fix slow quotaoff (bsc#1216621).
  • r8152: check budget for r8152_poll() (git-fixes).
  • regmap: fix NULL deref on lookup (git-fixes).
  • regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
  • remove unnecessary WARNONONCE() (bsc#1214823).
  • ring-buffer: Avoid softlockup in ringbufferresize() (git-fixes).
  • ring-buffer: Do not attempt to read past 'commit' (git-fixes).
  • ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
  • ring-buffer: Update 'shortest_full' in polling (git-fixes).
  • s390/cio: fix a memleak in cssallocsubchannel (git-fixes bsc#1216510).
  • s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
  • sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
  • sched/deadline,rt: Remove unused parameter from picknext[rt|dl]_entity() (git fixes (sched)).
  • sched/rt: Fix live lock between selectfallbackrq() and RT push (git fixes (sched)).
  • sched/rt: Fix sysctlschedrr_timeslice intial value (git fixes (sched)).
  • scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
  • scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
  • scsi: iscsi: Add length check for nlattr payload (git-fixes).
  • scsi: iscsi: Add strlen() check in iscsiifset{host}param() (git-fixes).
  • scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
  • scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
  • scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
  • scsi: pm8001: Setup IRQs on resume (git-fixes).
  • scsi: qedf: Do not touch _user pointer in qedfdbgdebugcmd_read() directly (git-fixes).
  • scsi: qedf: Do not touch _user pointer in qedfdbgfpintcmdread() directly (git-fixes).
  • scsi: qedf: Do not touch _user pointer in qedfdbgstopioonerrorcmdread() directly (git-fixes).
  • scsi: qedi: Fix potential deadlock on &qedipercpu->pwork_lock (git-fixes).
  • scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
  • selftests/bpf: Add more tests for checkmaxstack_depth bug (git-fixes).
  • selftests/bpf: Add reproducer for decltag in funcproto argument (git-fixes).
  • selftests/bpf: Add reproducer for decltag in funcproto return type (git-fixes).
  • selftests/bpf: Add selftest for checkstackmax_depth bug (git-fixes).
  • selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
  • serial: 8250_port: Check IRQ data before use (git-fixes).
  • soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
  • spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
  • spi: stm32: add a delay before SPI disable (git-fixes).
  • spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
  • spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
  • thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
  • thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
  • thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
  • tracing: Have current_trace inc the trace array ref count (git-fixes).
  • tracing: Have event inject files inc the trace array ref count (git-fixes).
  • tracing: Have option files inc the trace array ref count (git-fixes).
  • tracing: Have tracingmaxlatency inc the trace array ref count (git-fixes).
  • tracing: Increase trace array ref count on enable and filter files (git-fixes).
  • tracing: Make tracemarker{,raw} stream-like (git-fixes).
  • usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
  • usb: dwc3: Soft reset phy on probe for host (git-fixes).
  • usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
  • usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
  • usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
  • usb: musb: Get the musbqh poniter after musbgiveback (git-fixes).
  • usb: musb: Modify the 'HWVers' register address (git-fixes).
  • usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
  • usb: typec: ucsi: Clear EVENTPENDING bit if ucsisend_command fails (git-fixes).
  • usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
  • vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
  • vringh: do not use vringhkiovadvance() in vringhiovxfer() (git-fixes).
  • watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
  • watchdog: iTCOwdt: Set NOREBOOT if the watchdog is not already running (git-fixes).
  • wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
  • wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
  • wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
  • wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
  • wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
  • wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
  • wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
  • wifi: mwifiex: Fix oob check condition in mwifiexprocessrx_packet (git-fixes).
  • wifi: mwifiex: Fix tlvbufleft calculation (git-fixes).
  • wifi: mwifiex: Sanity check tlvlen and tlvbitmap_len (git-fixes).
  • x86/cpu, kvm: Add the NONESTEDDATA_BP feature (bsc#1213772).
  • x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
  • x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
  • x86/cpu, kvm: Move X86FEATURELFENCE_RDTSC to its native leaf (bsc#1213772).
  • x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
  • x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
  • x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
  • x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
  • x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
  • x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
  • x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
  • x86/sev: Make encdechypercall() accept a size instead of npages (bsc#1214635).
  • xen-netback: use default TX queue size for vifs (git-fixes).
  • xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 15 SP5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.33.23.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-devel": "5.14.21-150500.33.23.1",
            "kernel-devel-azure": "5.14.21-150500.33.23.1",
            "kernel-syms-azure": "5.14.21-150500.33.23.1",
            "kernel-source-azure": "5.14.21-150500.33.23.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.33.23.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-devel": "5.14.21-150500.33.23.1",
            "kernel-devel-azure": "5.14.21-150500.33.23.1",
            "kernel-syms-azure": "5.14.21-150500.33.23.1",
            "kernel-source-azure": "5.14.21-150500.33.23.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Public Cloud 15 SP5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.33.23.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-devel": "5.14.21-150500.33.23.1",
            "kernel-devel-azure": "5.14.21-150500.33.23.1",
            "kernel-syms-azure": "5.14.21-150500.33.23.1",
            "kernel-source-azure": "5.14.21-150500.33.23.1"
        }
    ]
}

openSUSE:Leap 15.5 / kernel-azure

Package

Name
kernel-azure
Purl
purl:rpm/suse/kernel-azure&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.33.23.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-devel-azure": "5.14.21-150500.33.23.1",
            "dlm-kmp-azure": "5.14.21-150500.33.23.1",
            "cluster-md-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-extra": "5.14.21-150500.33.23.1",
            "gfs2-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-optional": "5.14.21-150500.33.23.1",
            "kernel-azure-devel": "5.14.21-150500.33.23.1",
            "kernel-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-vdso": "5.14.21-150500.33.23.1",
            "kselftests-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-syms-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-livepatch-devel": "5.14.21-150500.33.23.1",
            "reiserfs-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-source-azure": "5.14.21-150500.33.23.1"
        }
    ]
}

openSUSE:Leap 15.5 / kernel-source-azure

Package

Name
kernel-source-azure
Purl
purl:rpm/suse/kernel-source-azure&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.33.23.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-devel-azure": "5.14.21-150500.33.23.1",
            "dlm-kmp-azure": "5.14.21-150500.33.23.1",
            "cluster-md-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-extra": "5.14.21-150500.33.23.1",
            "gfs2-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-optional": "5.14.21-150500.33.23.1",
            "kernel-azure-devel": "5.14.21-150500.33.23.1",
            "kernel-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-vdso": "5.14.21-150500.33.23.1",
            "kselftests-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-syms-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-livepatch-devel": "5.14.21-150500.33.23.1",
            "reiserfs-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-source-azure": "5.14.21-150500.33.23.1"
        }
    ]
}

openSUSE:Leap 15.5 / kernel-syms-azure

Package

Name
kernel-syms-azure
Purl
purl:rpm/suse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150500.33.23.1

Ecosystem specific

{
    "binaries": [
        {
            "ocfs2-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-devel-azure": "5.14.21-150500.33.23.1",
            "dlm-kmp-azure": "5.14.21-150500.33.23.1",
            "cluster-md-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-extra": "5.14.21-150500.33.23.1",
            "gfs2-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-optional": "5.14.21-150500.33.23.1",
            "kernel-azure-devel": "5.14.21-150500.33.23.1",
            "kernel-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-vdso": "5.14.21-150500.33.23.1",
            "kselftests-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-syms-azure": "5.14.21-150500.33.23.1",
            "kernel-azure-livepatch-devel": "5.14.21-150500.33.23.1",
            "reiserfs-kmp-azure": "5.14.21-150500.33.23.1",
            "kernel-source-azure": "5.14.21-150500.33.23.1"
        }
    ]
}