SUSE-SU-2024:3587-1
Vulnerability Summary
Timeline
Description
Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156) - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230) - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175). - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444) - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524) - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703) - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701) - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). The following non-security bugs were fixed: - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes). - ACPI: battery: create alarm sysfs attribute atomically (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes) - Input: ilitek_ts_i2c - add report id message validation (git-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - PCI/ASPM: Move pci_function_0() upward (bsc#1226915) - PCI/ASPM: Remove struct aspm_latency (bsc#1226915) - PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915) - PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915) - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: Support BAR sizes up to 8TB (bsc#1231017) - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes). - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: dwc: Restore MSI Receiver mask during resume (git-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PCI: xilinx-nwl: Fix register misspelling (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section'. - Revert 'mm/sparsemem: fix race in accessing memory_section->usage'. - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()'. - Squashfs: sanity check symbolic link size (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). - af_unix: Fix data-races around sk->sk_shutdown (git-fixes). - af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). - apparmor: fix possible NULL pointer dereference (stable-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: add number of queue calc helper (bsc#1229034). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034). - blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - char: xillybus: Check USB endpoints when probing device (git-fixes). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: virtio - Handle dataq logic with tasklet (git-fixes). - crypto: virtio - Wait for tasklet to complete on device remove (git-fixes). - crypto: xor - fix template benchmarking (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - driver core: Add debug logs when fwnode links are added/deleted (git-fixes). - driver core: Add missing parameter description to __fwnode_link_add() (git-fixes). - driver core: Create __fwnode_link_del() helper function (git-fixes). - driver core: Set deferred probe reason when deferred by driver core (git-fixes). - driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes). - driver core: fw_devlink: Consolidate device link flag computation (git-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224085). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). - fuse: update stats for pages in dropped aux writeback list (bsc#1230130). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). - genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). - genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). - genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). - genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). - gfs2: setattr_chown: Add missing initialization (git-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). - kabi: add __nf_queue_get_refs() for kabi compliance. - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). - lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). - lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891). - net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289). - net: missing check virtio (git-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). - nilfs2: Constify struct kobj_type (git-fixes). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). - nilfs2: use default_groups in kobj_type (git-fixes). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). - powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). - powerpc/boot: Only free if realloc() succeeds (bsc#1194869). - powerpc/code-patching: Add generic memory patching (bsc#1194869). - powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869). - powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869). - powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869). - powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869). - powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869). - powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). - powerpc/code-patching: Pre-map patch area (bsc#1194869). - powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869). - powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869). - powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869). - powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869). - powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869). - powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869). - powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869). - powerpc/code-patching: introduce patch_instructions() (bsc#1194869). - powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869). - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes). - powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes). - powerpc/inst: Refactor ___get_user_instr() (bsc#1194869). - powerpc/lib: Add __init attribute to eligible functions (bsc#1194869). - powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869). - powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). - powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869). - powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869). - powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869). - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). - powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). - powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869). - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). - rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327) - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). - sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327) - scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). - scsi: lpfc: Fix overflow build issue (bsc#1229429). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). - scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). - scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - scsi: use block layer helpers to calculate num of queues (bsc#1229034). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/virtio: fix build (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: uas: set host status byte on data completion error (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - virito: add APIs for retrieving vq affinity (bsc#1229034). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio/vsock: fix logic which reduces credit update messages (git-fixes). - virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). - virtio: reenable config if freezing device failed (git-fixes). - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtiofs: forbid newlines in tags (bsc#1230591). - vsock/virtio: add support for device suspend/resume (git-fixes). - vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). - vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). - vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - workqueue: Avoid using isolated cpus' timers on (bsc#1231327) - workqueue: mark power efficient workqueue as unbounded if (bsc#1231327) - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/xen: Convert comma to semicolon (git-fixes). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: do not include bnobt blocks when reserving free block pool (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes).
Affected Systems
- opensuse•kernel-azure&distro=openSUSE Leap 15.5
< 5.14.21-150500.33.69.1
- opensuse•kernel-source-azure&distro=openSUSE Leap 15.5
< 5.14.21-150500.33.69.1
- opensuse•kernel-syms-azure&distro=openSUSE Leap 15.5
< 5.14.21-150500.33.69.1
- suse•kernel-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5
< 5.14.21-150500.33.69.1
- suse•kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5
< 5.14.21-150500.33.69.1
- suse•kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5
< 5.14.21-150500.33.69.1
References (309)
- https://www.suse.com/support/update/announcement/2024/suse-su-20243587-1/
- https://bugzilla.suse.com/1054914
- https://bugzilla.suse.com/1065729
- https://bugzilla.suse.com/1194869
- https://bugzilla.suse.com/1199769
- https://bugzilla.suse.com/1216223
- https://bugzilla.suse.com/1220382
- https://bugzilla.suse.com/1221610
- https://bugzilla.suse.com/1221650
- https://bugzilla.suse.com/1222629
- https://bugzilla.suse.com/1222973
- https://bugzilla.suse.com/1223600
- https://bugzilla.suse.com/1223848
- https://bugzilla.suse.com/1224085
- https://bugzilla.suse.com/1225903
- https://bugzilla.suse.com/1226003
- https://bugzilla.suse.com/1226606
- https://bugzilla.suse.com/1226631
- https://bugzilla.suse.com/1226662
- https://bugzilla.suse.com/1226666
- https://bugzilla.suse.com/1226846
- https://bugzilla.suse.com/1226860
- https://bugzilla.suse.com/1226875
- https://bugzilla.suse.com/1226915
- https://bugzilla.suse.com/1227487
- https://bugzilla.suse.com/1227726
- https://bugzilla.suse.com/1227819
- https://bugzilla.suse.com/1227832
- https://bugzilla.suse.com/1227890
- https://bugzilla.suse.com/1228507
- https://bugzilla.suse.com/1228576
- https://bugzilla.suse.com/1228620
- https://bugzilla.suse.com/1228747
- https://bugzilla.suse.com/1228771
- https://bugzilla.suse.com/1229031
- https://bugzilla.suse.com/1229034
- https://bugzilla.suse.com/1229086
- https://bugzilla.suse.com/1229156
- https://bugzilla.suse.com/1229334
- https://bugzilla.suse.com/1229362
- https://bugzilla.suse.com/1229363
- https://bugzilla.suse.com/1229364
- https://bugzilla.suse.com/1229394
- https://bugzilla.suse.com/1229429
- https://bugzilla.suse.com/1229453
- https://bugzilla.suse.com/1229572
- https://bugzilla.suse.com/1229573
- https://bugzilla.suse.com/1229585
- https://bugzilla.suse.com/1229607
- https://bugzilla.suse.com/1229619
- https://bugzilla.suse.com/1229633
- https://bugzilla.suse.com/1229662
- https://bugzilla.suse.com/1229753
- https://bugzilla.suse.com/1229764
- https://bugzilla.suse.com/1229790
- https://bugzilla.suse.com/1229810
- https://bugzilla.suse.com/1229830
- https://bugzilla.suse.com/1229891
- https://bugzilla.suse.com/1229899
- https://bugzilla.suse.com/1229928
- https://bugzilla.suse.com/1229947
- https://bugzilla.suse.com/1230015
- https://bugzilla.suse.com/1230055
- https://bugzilla.suse.com/1230129
- https://bugzilla.suse.com/1230130
- https://bugzilla.suse.com/1230170
- https://bugzilla.suse.com/1230171
- https://bugzilla.suse.com/1230174
- https://bugzilla.suse.com/1230175
- https://bugzilla.suse.com/1230176
- https://bugzilla.suse.com/1230178
- https://bugzilla.suse.com/1230180
- https://bugzilla.suse.com/1230185
- https://bugzilla.suse.com/1230192
- https://bugzilla.suse.com/1230193
- https://bugzilla.suse.com/1230194
- https://bugzilla.suse.com/1230200
- https://bugzilla.suse.com/1230204
- https://bugzilla.suse.com/1230209
- https://bugzilla.suse.com/1230211
- https://bugzilla.suse.com/1230217
- https://bugzilla.suse.com/1230224
- https://bugzilla.suse.com/1230230
- https://bugzilla.suse.com/1230233
- https://bugzilla.suse.com/1230244
- https://bugzilla.suse.com/1230245
- https://bugzilla.suse.com/1230247
- https://bugzilla.suse.com/1230248
- https://bugzilla.suse.com/1230269
- https://bugzilla.suse.com/1230289
- https://bugzilla.suse.com/1230339
- https://bugzilla.suse.com/1230340
- https://bugzilla.suse.com/1230392
- https://bugzilla.suse.com/1230398
- https://bugzilla.suse.com/1230431
- https://bugzilla.suse.com/1230433
- https://bugzilla.suse.com/1230434
- https://bugzilla.suse.com/1230440
- https://bugzilla.suse.com/1230442
- https://bugzilla.suse.com/1230444
- https://bugzilla.suse.com/1230450
- https://bugzilla.suse.com/1230451
- https://bugzilla.suse.com/1230454
- https://bugzilla.suse.com/1230506
- https://bugzilla.suse.com/1230507
- https://bugzilla.suse.com/1230511
- https://bugzilla.suse.com/1230515
- https://bugzilla.suse.com/1230517
- https://bugzilla.suse.com/1230524
- https://bugzilla.suse.com/1230533
- https://bugzilla.suse.com/1230535
- https://bugzilla.suse.com/1230549
- https://bugzilla.suse.com/1230550
- https://bugzilla.suse.com/1230556
- https://bugzilla.suse.com/1230582
- https://bugzilla.suse.com/1230589
- https://bugzilla.suse.com/1230591
- https://bugzilla.suse.com/1230592
- https://bugzilla.suse.com/1230699
- https://bugzilla.suse.com/1230700
- https://bugzilla.suse.com/1230701
- https://bugzilla.suse.com/1230702
- https://bugzilla.suse.com/1230703
- https://bugzilla.suse.com/1230705
- https://bugzilla.suse.com/1230706
- https://bugzilla.suse.com/1230709
- https://bugzilla.suse.com/1230710
- https://bugzilla.suse.com/1230711
- https://bugzilla.suse.com/1230712
- https://bugzilla.suse.com/1230719
- https://bugzilla.suse.com/1230724
- https://bugzilla.suse.com/1230725
- https://bugzilla.suse.com/1230730
- https://bugzilla.suse.com/1230731
- https://bugzilla.suse.com/1230732
- https://bugzilla.suse.com/1230733
- https://bugzilla.suse.com/1230747
- https://bugzilla.suse.com/1230748
- https://bugzilla.suse.com/1230751
- https://bugzilla.suse.com/1230752
- https://bugzilla.suse.com/1230756
- https://bugzilla.suse.com/1230761
- https://bugzilla.suse.com/1230763
- https://bugzilla.suse.com/1230766
- https://bugzilla.suse.com/1230767
- https://bugzilla.suse.com/1230768
- https://bugzilla.suse.com/1230771
- https://bugzilla.suse.com/1230774
- https://bugzilla.suse.com/1230783
- https://bugzilla.suse.com/1230786
- https://bugzilla.suse.com/1230791
- https://bugzilla.suse.com/1230794
- https://bugzilla.suse.com/1230796
- https://bugzilla.suse.com/1230802
- https://bugzilla.suse.com/1230806
- https://bugzilla.suse.com/1230808
- https://bugzilla.suse.com/1230810
- https://bugzilla.suse.com/1230812
- https://bugzilla.suse.com/1230813
- https://bugzilla.suse.com/1230814
- https://bugzilla.suse.com/1230815
- https://bugzilla.suse.com/1230821
- https://bugzilla.suse.com/1230825
- https://bugzilla.suse.com/1230830
- https://bugzilla.suse.com/1231013
- https://bugzilla.suse.com/1231017
- https://bugzilla.suse.com/1231084
- https://bugzilla.suse.com/1231085
- https://bugzilla.suse.com/1231087
- https://bugzilla.suse.com/1231115
- https://bugzilla.suse.com/1231116
- https://bugzilla.suse.com/1231120
- https://bugzilla.suse.com/1231146
- https://bugzilla.suse.com/1231180
- https://bugzilla.suse.com/1231181
- https://bugzilla.suse.com/1231277
- https://bugzilla.suse.com/1231327
- https://www.suse.com/security/cve/CVE-2022-48901
- https://www.suse.com/security/cve/CVE-2022-48911
- https://www.suse.com/security/cve/CVE-2022-48923
- https://www.suse.com/security/cve/CVE-2022-48935
- https://www.suse.com/security/cve/CVE-2022-48944
- https://www.suse.com/security/cve/CVE-2022-48945
- https://www.suse.com/security/cve/CVE-2023-52610
- https://www.suse.com/security/cve/CVE-2023-52916
- https://www.suse.com/security/cve/CVE-2024-26640
- https://www.suse.com/security/cve/CVE-2024-26759
- https://www.suse.com/security/cve/CVE-2024-26767
- https://www.suse.com/security/cve/CVE-2024-26804
- https://www.suse.com/security/cve/CVE-2024-26837
- https://www.suse.com/security/cve/CVE-2024-37353
- https://www.suse.com/security/cve/CVE-2024-38538
- https://www.suse.com/security/cve/CVE-2024-38596
- https://www.suse.com/security/cve/CVE-2024-38632
- https://www.suse.com/security/cve/CVE-2024-40910
- https://www.suse.com/security/cve/CVE-2024-40973
- https://www.suse.com/security/cve/CVE-2024-40983
- https://www.suse.com/security/cve/CVE-2024-41062
- https://www.suse.com/security/cve/CVE-2024-41082
- https://www.suse.com/security/cve/CVE-2024-42154
- https://www.suse.com/security/cve/CVE-2024-42259
- https://www.suse.com/security/cve/CVE-2024-42265
- https://www.suse.com/security/cve/CVE-2024-42304
- https://www.suse.com/security/cve/CVE-2024-42305
- https://www.suse.com/security/cve/CVE-2024-42306
- https://www.suse.com/security/cve/CVE-2024-43828
- https://www.suse.com/security/cve/CVE-2024-43890
- https://www.suse.com/security/cve/CVE-2024-43898
- https://www.suse.com/security/cve/CVE-2024-43912
- https://www.suse.com/security/cve/CVE-2024-43914
- https://www.suse.com/security/cve/CVE-2024-44935
- https://www.suse.com/security/cve/CVE-2024-44944
- https://www.suse.com/security/cve/CVE-2024-44946
- https://www.suse.com/security/cve/CVE-2024-44948
- https://www.suse.com/security/cve/CVE-2024-44950
- https://www.suse.com/security/cve/CVE-2024-44952
- https://www.suse.com/security/cve/CVE-2024-44954
- https://www.suse.com/security/cve/CVE-2024-44967
- https://www.suse.com/security/cve/CVE-2024-44969
- https://www.suse.com/security/cve/CVE-2024-44970
- https://www.suse.com/security/cve/CVE-2024-44971
- https://www.suse.com/security/cve/CVE-2024-44977
- https://www.suse.com/security/cve/CVE-2024-44982
- https://www.suse.com/security/cve/CVE-2024-44986
- https://www.suse.com/security/cve/CVE-2024-44987
- https://www.suse.com/security/cve/CVE-2024-44988
- https://www.suse.com/security/cve/CVE-2024-44989
- https://www.suse.com/security/cve/CVE-2024-44990
- https://www.suse.com/security/cve/CVE-2024-44998
- https://www.suse.com/security/cve/CVE-2024-44999
- https://www.suse.com/security/cve/CVE-2024-45000
- https://www.suse.com/security/cve/CVE-2024-45001
- https://www.suse.com/security/cve/CVE-2024-45003
- https://www.suse.com/security/cve/CVE-2024-45006
- https://www.suse.com/security/cve/CVE-2024-45007
- https://www.suse.com/security/cve/CVE-2024-45008
- https://www.suse.com/security/cve/CVE-2024-45011
- https://www.suse.com/security/cve/CVE-2024-45013
- https://www.suse.com/security/cve/CVE-2024-45015
- https://www.suse.com/security/cve/CVE-2024-45018
- https://www.suse.com/security/cve/CVE-2024-45020
- https://www.suse.com/security/cve/CVE-2024-45021
- https://www.suse.com/security/cve/CVE-2024-45026
- https://www.suse.com/security/cve/CVE-2024-45028
- https://www.suse.com/security/cve/CVE-2024-45029
- https://www.suse.com/security/cve/CVE-2024-46673
- https://www.suse.com/security/cve/CVE-2024-46674
- https://www.suse.com/security/cve/CVE-2024-46675
- https://www.suse.com/security/cve/CVE-2024-46676
- https://www.suse.com/security/cve/CVE-2024-46677
- https://www.suse.com/security/cve/CVE-2024-46678
- https://www.suse.com/security/cve/CVE-2024-46679
- https://www.suse.com/security/cve/CVE-2024-46685
- https://www.suse.com/security/cve/CVE-2024-46686
- https://www.suse.com/security/cve/CVE-2024-46689
- https://www.suse.com/security/cve/CVE-2024-46694
- https://www.suse.com/security/cve/CVE-2024-46702
- https://www.suse.com/security/cve/CVE-2024-46707
- https://www.suse.com/security/cve/CVE-2024-46714
- https://www.suse.com/security/cve/CVE-2024-46715
- https://www.suse.com/security/cve/CVE-2024-46717
- https://www.suse.com/security/cve/CVE-2024-46720
- https://www.suse.com/security/cve/CVE-2024-46721
- https://www.suse.com/security/cve/CVE-2024-46722
- https://www.suse.com/security/cve/CVE-2024-46723
- https://www.suse.com/security/cve/CVE-2024-46724
- https://www.suse.com/security/cve/CVE-2024-46725
- https://www.suse.com/security/cve/CVE-2024-46726
- https://www.suse.com/security/cve/CVE-2024-46728
- https://www.suse.com/security/cve/CVE-2024-46730
- https://www.suse.com/security/cve/CVE-2024-46731
- https://www.suse.com/security/cve/CVE-2024-46732
- https://www.suse.com/security/cve/CVE-2024-46737
- https://www.suse.com/security/cve/CVE-2024-46738
- https://www.suse.com/security/cve/CVE-2024-46739
- https://www.suse.com/security/cve/CVE-2024-46743
- https://www.suse.com/security/cve/CVE-2024-46744
- https://www.suse.com/security/cve/CVE-2024-46745
- https://www.suse.com/security/cve/CVE-2024-46746
- https://www.suse.com/security/cve/CVE-2024-46747
- https://www.suse.com/security/cve/CVE-2024-46750
- https://www.suse.com/security/cve/CVE-2024-46751
- https://www.suse.com/security/cve/CVE-2024-46752
- https://www.suse.com/security/cve/CVE-2024-46753
- https://www.suse.com/security/cve/CVE-2024-46755
- https://www.suse.com/security/cve/CVE-2024-46756
- https://www.suse.com/security/cve/CVE-2024-46758
- https://www.suse.com/security/cve/CVE-2024-46759
- https://www.suse.com/security/cve/CVE-2024-46761
- https://www.suse.com/security/cve/CVE-2024-46770
- https://www.suse.com/security/cve/CVE-2024-46771
- https://www.suse.com/security/cve/CVE-2024-46773
- https://www.suse.com/security/cve/CVE-2024-46774
- https://www.suse.com/security/cve/CVE-2024-46775
- https://www.suse.com/security/cve/CVE-2024-46780
- https://www.suse.com/security/cve/CVE-2024-46781
- https://www.suse.com/security/cve/CVE-2024-46783
- https://www.suse.com/security/cve/CVE-2024-46784
- https://www.suse.com/security/cve/CVE-2024-46786
- https://www.suse.com/security/cve/CVE-2024-46787
- https://www.suse.com/security/cve/CVE-2024-46791
- https://www.suse.com/security/cve/CVE-2024-46794
- https://www.suse.com/security/cve/CVE-2024-46798
- https://www.suse.com/security/cve/CVE-2024-46822
- https://www.suse.com/security/cve/CVE-2024-46826
- https://www.suse.com/security/cve/CVE-2024-46830
- https://www.suse.com/security/cve/CVE-2024-46854
- https://www.suse.com/security/cve/CVE-2024-46855
- https://www.suse.com/security/cve/CVE-2024-46857