SUSE-SU-2025:0564-1

Description

Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56633: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (bsc#1235485). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: Allow page-sized MMU caches to be initialized with custom 64-bit values (jsc#PED-6143). - KVM: x86/mmu: Add Suppress VE bit to EPT shadow_mmio_mask/shadow_present_mask (jsc#PED-6143). - KVM: x86/mmu: Allow non-zero value for non-present SPTE and removed SPTE (jsc#PED-6143). - KVM: x86/mmu: Replace hardcoded value 0 for the initial value for SPTE (jsc#PED-6143). - KVM: x86/mmu: Track shadow MMIO value on a per-VM basis (jsc#PED-6143). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Remove 'iommu/arm-smmu: Defer probe of clients after smmu device bound', reverted by upstream. - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - Revert 'Disable ceph'. - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245) Update arm64 default configuration file - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes).

Affected Systems

suse•kernel-coco_debug&distro=SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6
< 6.4.0-15061.15.coco15sp6.1
suse•kernel-coco&distro=SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6
< 6.4.0-15061.15.coco15sp6.1
suse•kernel-source-coco&distro=SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6
< 6.4.0-15061.15.coco15sp6.1
suse•kernel-syms-coco&distro=SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6
< 6.4.0-15061.15.coco15sp6.1

Vulnerability Summary

Timeline

Description

Affected Systems

References (128)