Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2023:2820-1
Rating:	important
References:	bsc#1065729 bsc#1152472 bsc#1152489 bsc#1160435 bsc#1187829 bsc#1189998 bsc#1194869 bsc#1205758 bsc#1208410 bsc#1208600 bsc#1209039 bsc#1209367 bsc#1210335 bsc#1211299 bsc#1211346 bsc#1211387 bsc#1211410 bsc#1211449 bsc#1211796 bsc#1211852 bsc#1212051 bsc#1212129 bsc#1212154 bsc#1212155 bsc#1212158 bsc#1212265 bsc#1212350 bsc#1212448 bsc#1212494 bsc#1212495 bsc#1212504 bsc#1212513 bsc#1212540 bsc#1212561 bsc#1212563 bsc#1212564 bsc#1212584 bsc#1212592 bsc#1212603 bsc#1212605 bsc#1212606 bsc#1212619 bsc#1212701 bsc#1212741 bsc#1212835 bsc#1212838 bsc#1212842 bsc#1212861 bsc#1212869 bsc#1212892 jsc#PED-3931 jsc#SLE-19253
Cross-References:	CVE-2023-1077 CVE-2023-1249 CVE-2023-1829 CVE-2023-21102 CVE-2023-3090 CVE-2023-3111 CVE-2023-3141 CVE-2023-3161 CVE-2023-3212 CVE-2023-3357 CVE-2023-3358 CVE-2023-3389 CVE-2023-35788 CVE-2023-35823 CVE-2023-35828 CVE-2023-35829
CVSS scores:	CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Basesystem Module 15-SP4 Development Tools Module 15-SP4 Legacy Module 15-SP4 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise High Availability Extension 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise Live Patching 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Workstation Extension 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that solves 16 vulnerabilities, contains two features and has 34 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).

The following non-security bugs were fixed:

Drop dvb-core fix patch due to a bug (bsc#1205758).
Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
Fix usrmerge error (boo#1211796).
Generalize kernel-doc build requirements.
Get module prefix from kmod (bsc#1212835).
Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git-fixes).
Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes).
Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253).
acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
affs: initialize fsdata in affs_truncate() (git-fixes).
alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes).
alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
alsa: oss: avoid missing-prototype warnings (git-fixes).
alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
arm64: Add missing Set/Way CMO encodings (git-fixes).
arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
arm: dts: vexpress: add missing cache properties (git-fixes).
asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
asoc: dwc: limit the number of overrun messages (git-fixes).
asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
asoc: mediatek: mt8173: Fix irq error path (git-fixes).
asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
asoc: soc-pcm: test if a BE can be prepared (git-fixes).
asoc: ssm2602: Add workaround for playback distortions (git-fixes).
ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
batman-adv: Broken sync while rescheduling delayed work (git-fixes).
binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
bluetooth: hci_qca: fix debugfs registration (git-fixes).
bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
bpf: Add extra path pointer check to d_path helper (git-fixes).
bpf: Fix UAF in task local storage (bsc#1212564).
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
can: length: fix bitstuffing count (git-fixes).
can: length: fix description of the RRS field (git-fixes).
can: length: make header self contained (git-fixes).
ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
clk: cdce925: check return value of kasprintf() (git-fixes).
clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
clk: si5341: free unused memory on probe failure (git-fixes).
clk: si5341: return error if one synth clock registration fails (git-fixes).
clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
clk: vc5: check memory returned by kasprintf() (git-fixes).
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
dmaengine: pl330: rename _start to prevent build error (git-fixes).
drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
drm/amd/display: Add minimal pipe split transition state (git-fixes).
drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
drm/amd/display: edp do not add non-edid timings (git-fixes).
drm/amd/display: fix the system hang while disable PSR (git-fixes).
drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git-fixes).
drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
drm/ast: Fix ARM compatibility (git-fixes).
drm/bridge: tc358768: always enable HS video mode (git-fixes).
drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
drm/bridge: tc358768: fix PLL target frequency (git-fixes).
drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
drm/exynos: vidi: fix a wrong error return (git-fixes).
drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
drm/i915/selftests: Add some missing error propagation (git-fixes).
drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
drm/i915/selftests: Stop using kthread_stop() (git-fixes).
drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
drm/i915: Use 18 fast wake AUX sync len (git-fixes).
drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
drm/msm/dp: Free resources after unregistering them (git-fixes).
drm/msm/dpu: correct MERGE_3D length (git-fixes).
drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
drm/msm: Set max segment size earlier (git-fixes).
drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
drm/radeon: fix possible division-by-zero errors (git-fixes).
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
drm/vram-helper: fix function names in vram helper doc (git-fixes).
drm: sun4i_tcon: use devm_clk_get_enabled in sun4i_tcon_init_clocks (git-fixes).
drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
eeprom: at24: also select REGMAP (git-fixes).
elf: correct note name comment (git-fixes).
ext4: unconditionally enable the i_version counter (bsc#1211299).
extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212).
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
hfs: fix OOB Read in __hfs_brec_find (git-fixes).
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
hid: google: add jewel USB id (git-fixes).
hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
ib/isert: Fix dead lock in ib_isert (git-fixes)
ib/isert: Fix incorrect release of isert connection (git-fixes)
ib/isert: Fix possible list corruption in CMA handler (git-fixes)
ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
ice: Do not double unplug aux on peer initiated reset (git-fixes).
ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
ice: Fix DSCP PFC TLV creation (git-fixes).
ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
ice: Fix memory corruption in VF driver (git-fixes).
ice: Ignore EEXIST when setting promisc mode (git-fixes).
ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
ice: Reset FDIR counter in FDIR init stage (git-fixes).
ice: add profile conflict check for AVF FDIR (git-fixes).
ice: block LAN in case of VF to VF offload (git-fixes).
ice: config netdev tc before setting queues number (git-fixes).
ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
ice: ethtool: advertise 1000M speeds properly (git-fixes).
ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
ice: fix wrong fallback logic for FDIR (git-fixes).
ice: handle E822 generic device ID in PLDM header (git-fixes).
ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
ice: use bitmap_free instead of devm_kfree (git-fixes).
ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
ieee802154: hwsim: Fix possible memory leaks (git-fixes).
ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
igb: fix bit_shift to be in [1..8] range (git-fixes).
igb: fix nvm.ops.read() error handling (git-fixes).
igc: Clean the TX buffer and TX descriptor ring (git-fixes).
igc: Fix possible system crash when loading module (git-fixes).
iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
init: Provide arch_cpu_finalize_init() (bsc#1212448).
init: Remove check_bugs() leftovers (bsc#1212448).
input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
input: drv260x - fix typo in register value define (git-fixes).
input: drv260x - remove unused .reg_defaults (git-fixes).
input: drv260x - sleep between polling GO bit (git-fixes).
input: fix open count when closing inhibited device (git-fixes).
input: psmouse - fix OOB access in Elantech protocol (git-fixes).
input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389).
ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
irqchip/ftintc010: Mark all function static (git-fixes).
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
jfs: Fix fortify moan in symlink (git-fixes).
kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
kprobes: Prohibit probes in gate area (git-fixes).
kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
kvm: arm64: Do not hypercall before EL2 init (git-fixes)
kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
kvm: arm64: Save PSTATE early on exit (git-fixes)
kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
lpfc: Enhance congestion statistics collection (bsc#1211852).
lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
media: cec: core: do not set last_initiator if tx in progress (git-fixes).
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
media: dvb_ca_en50221: fix a size write bug (git-fixes).
media: dvb_demux: fix a bug for the continuity counter (git-fixes).
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
media: netup_unidvb: fix irq init by