Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:0910-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2023-5197 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2023-5197 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2023-52340 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-52429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-52439 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-6817 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-6817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2024-0607 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
  • CVE-2024-0607 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2024-1151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-23849 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2024-23849 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-23850 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-23851 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-23851 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2024-25744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • openSUSE Leap 15.5
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise Live Patching 15-SP5
  • SUSE Linux Enterprise Micro 5.5
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Real Time Module 15-SP5

An update that solves 39 vulnerabilities, contains one feature and has 23 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
  • CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
  • CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
  • CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
  • CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
  • CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
  • CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
  • CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
  • CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
  • CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
  • CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
  • CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
  • CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
  • CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
  • CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
  • CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
  • CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
  • CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
  • CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
  • CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
  • CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
  • CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
  • CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
  • CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
  • CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
  • CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
  • CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
  • CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
  • CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927).
  • CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
  • CVE-2024-26586: Fixed stack corruption (bsc#1220243).
  • CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
  • CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
  • CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
  • CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
  • CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
  • CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
  • CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
  • CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).

The following non-security bugs were fixed:

  • acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
  • acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
  • acpi: extlog: fix null pointer dereference check (git-fixes).
  • acpi: resource: add asus model s5402za to quirks (git-fixes).
  • acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
  • acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
  • acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
  • acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
  • acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
  • acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
  • add reference to recently released cve
  • afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
  • afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
  • afs: hide silly-rename files from userspace (git-fixes).
  • afs: increase buffer size in afs_update_volume_status() (git-fixes).
  • ahci: asm1166: correct count of reported ports (git-fixes).
  • alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
  • alsa: firewire-lib: fix to check cycle continuity (git-fixes).
  • alsa: hda/conexant: add quirk for sws js201d (git-fixes).
  • alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
  • alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
  • alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
  • alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
  • alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
  • alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
  • alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
  • alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes).
  • alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
  • alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
  • alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
  • alsa: usb-audio: check presence of valid altsetting control (git-fixes).
  • alsa: usb-audio: ignore clock selector errors for single connection (git-fixes).
  • alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
  • alsa: usb-audio: sort quirk table entries (git-fixes).
  • arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
  • arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
  • arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
  • arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround.
  • arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break.
  • arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break
  • arm64: irq: set the correct node for shadow call stack (git-fixes)
  • arm64: irq: set the correct node for vmap stack (git-fixes)
  • arm64: rename arm64_workaround_2966298 (bsc#1219443)
  • arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes)
  • asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
  • asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
  • asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
  • asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
  • atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
  • bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
  • bluetooth: enforce validation on max value of connection interval (git-fixes).
  • bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
  • bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
  • bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes).
  • bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
  • bluetooth: l2cap: fix possible multiple reject send (git-fixes).
  • bluetooth: qca: fix wrong event type for patch config command (git-fixes).
  • bpf: fix verification of indirect var-off stack access (git-fixes).
  • bpf: guard stack limits against 32bit overflow (git-fixes).
  • bpf: minor logging improvement (bsc#1220257).
  • bus: moxtet: add spi device table (git-fixes).
  • cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
  • can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes).
  • crypto: api - disallow identical driver names (git-fixes).
  • crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
  • crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
  • crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
  • dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes).
  • dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
  • dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
  • dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
  • dmaengine: ptdma: use consistent dma masks (git-fixes).
  • dmaengine: shdma: increase size of 'dev_id' (git-fixes).
  • dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes).
  • driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
  • drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
  • drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
  • drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes).
  • drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes).
  • drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
  • drm/amd/display: preserve original aspect ratio in create stream (git-fixes).
  • drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
  • drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
  • drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
  • drm/buddy: fix range bias (git-fixes).
  • drm/crtc: fix uninitialized variable use even harder (git-fixes).
  • drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
  • drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes).
  • drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
  • drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes).
  • drm/prime: support page array >= 4gb (git-fixes).
  • drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes).
  • drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes).
  • drop bcm5974 input patch causing a regression (bsc#1220030)
  • efi/capsule-loader: fix incorrect allocation size (git-fixes).
  • efi: do not add memblocks for soft-reserved memory (git-fixes).
  • efi: runtime: fix potential overflow of soft-reserved region size (git-fixes).
  • fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
  • fbdev: savage: error out if pixclock equals zero (git-fixes).
  • fbdev: sis: error out if pixclock equals zero (git-fixes).
  • firewire: core: send bus reset promptly on gap count error (git-fixes).
  • fs: dlm: fix build with config_ipv6 disabled (git-fixes).
  • fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
  • gpio: 74x164: enable output pins after registers are reset (git-fixes).
  • gpio: fix resource unwinding order in error path (git-fixes).
  • gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
  • gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes).
  • hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
  • hid: apple: add support for the 2021 magic keyboard (git-fixes).
  • hid: wacom: do not register input devices until after hid_hw_start (git-fixes).
  • hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes).
  • hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
  • hwmon: (coretemp) enlarge per package core count limit (git-fixes).
  • hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
  • hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
  • i2c: i801: fix block process call transactions (git-fixes).
  • i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
  • i2c: imx: add timer for handling the stop condition (git-fixes).
  • i2c: imx: when being a target, mark the last read as processed (git-fixes).
  • i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
  • ib/hfi1: fix a memleak in init_credit_return (git-fixes)
  • ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
  • iio: accel: bma400: fix a compilation problem (git-fixes).
  • iio: adc: ad7091r: set alert bit in config register (git-fixes).
  • iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
  • iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes).
  • iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes).
  • input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes).
  • input: xpad - add lenovo legion go controllers (git-fixes).
  • irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
  • jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
  • jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
  • jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
  • jfs: fix uaf in jfs_evict_inode (git-fixes).
  • kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes).
  • kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
  • kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
  • kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
  • kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
  • kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
  • lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes).
  • leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes).
  • lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
  • lib/stackdepot: add refcount for records (jsc-ped#7423).
  • lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
  • lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423).
  • libsubcmd: fix memory leak in uniq() (git-fixes).
  • media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
  • media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
  • media: rc: bpf attach/detach requires write permission (git-fixes).
  • media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
  • media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
  • mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes).
  • mm,page_owner: display all stacks and their count (jsc-ped#7423).
  • mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
  • mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
  • mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
  • mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
  • mm/hwpoison: fix unpoison_memory() (bsc#1218663).
  • mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
  • mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
  • mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
  • mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
  • mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
  • mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
  • mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
  • mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
  • mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
  • modpost: trim leading spaces when processing source files list (git-fixes).
  • mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
  • net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
  • netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
  • nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
  • nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
  • nouveau/svm: fix kvcalloc() argument order (git-fixes).
  • nouveau: fix function cast warnings (git-fixes).
  • ntfs: check overflow when iterating attr_records (git-fixes).
  • ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
  • nvme-fabrics: fix i/o connect error handling (git-fixes).
  • nvme-host: fix the updating of the firmware version (git-fixes).
  • pci/aer: decode requester id when no error info found (git-fixes).
  • pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
  • pci: add pci_header_type_mfd definition (bsc#1220021).
  • pci: fix 64gt/s effective data rate calculation (git-fixes).
  • pci: only override amd usb controller if required (git-fixes).
  • pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
  • platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
  • platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
  • platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
  • pm: core: remove unnecessary (void *) conversions (git-fixes).
  • pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
  • pnp: acpi: fix fortify warning (git-fixes).
  • power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
  • powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
  • powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
  • powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
  • powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
  • powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
  • powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
  • powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
  • powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
  • powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
  • powerpc: do not include lppaca.h in paca.h (bsc#1194869).
  • pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
  • ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
  • ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
  • ras: introduce a fru memory poison manager (jsc#ped-7618).
  • rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
  • rdma/bnxt_re: return error for srq resize (git-fixes)
  • rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
  • rdma/core: get ib width and speed from netdev (bsc#1219934).
  • rdma/irdma: add ae for too many rnrs (git-fixes)
  • rdma/irdma: fix kasan issue with tasklet (git-fixes)
  • rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
  • rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
  • rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
  • rdma/srpt: fix function pointer cast warnings (git-fixes)
  • rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
  • refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#1216776, bsc#1220277)
  • regulator: core: only increment use_count when enable_count changes (git-fixes).
  • regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
  • revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" (git-fixes).
  • revert "drm/amd/pm: resolve reboot exception for si oland" (git-fixes).
  • revert "drm/amd: flush any delayed gfxoff on suspend entry" (git-fixes).
  • rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
  • s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
  • s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
  • sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
  • scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
  • scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
  • scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
  • scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
  • scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
  • scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
  • scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
  • scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
  • scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
  • scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
  • scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
  • scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
  • scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
  • scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
  • scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
  • scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
  • scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
  • scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
  • scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
  • scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
  • scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
  • scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
  • scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
  • scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
  • scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
  • scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
  • scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
  • scsi: revert "scsi: fcoe: fix potential deadlock on &fip->ctlr_lock" (git-fixes bsc#1219141).
  • serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
  • spi-mxs: fix chipselect glitch (git-fixes).
  • spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
  • spi: ppc4xx: drop write-only variable (git-fixes).
  • spi: sh-msiof: avoid integer overflow in constants (git-fixes).
  • staging: iio: ad5933: fix type mismatch regression (git-fixes).
  • supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
  • tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
  • tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
  • topology/sysfs: add format parameter to macro defining "show" functions for proc (jsc#ped-7618).
  • topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
  • tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
  • ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
  • usb: cdns3: fix memory double free when handle zero packet (git-fixes).
  • usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
  • usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes).
  • usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
  • usb: cdns: readd old api (git-fixes).
  • usb: cdnsp: blocked some cdns3 specific code (git-fixes).
  • usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
  • usb: dwc3: gadget: do not disconnect if not started (git-fixes).
  • usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
  • usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
  • usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
  • usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
  • usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
  • usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
  • usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
  • usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
  • usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
  • usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
  • usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
  • usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
  • usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
  • usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
  • usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
  • usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
  • usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
  • usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
  • usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
  • usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
  • usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
  • usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
  • usb: roles: fix null pointer issue when put module's reference (git-fixes).
  • usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
  • usb: serial: option: add fibocom fm101-gl variant (git-fixes).
  • usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
  • watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
  • wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
  • wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
  • wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
  • wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes).
  • wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
  • wifi: iwlwifi: fix some error codes (git-fixes).
  • wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
  • wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
  • wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
  • wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
  • wifi: nl80211: reject iftype change with mesh id change (git-fixes).
  • wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
  • wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
  • wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
  • wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
  • x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
  • x86/bugs: add asm helpers for executing verw (git-fixes).
  • x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
  • x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
  • x86/entry_32: add verw just before userspace transition (git-fixes).
  • x86/entry_64: add verw just before userspace transition (git-fixes).
  • x86/mm: fix memory encryption features advertisement (bsc#1206453).
  • xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
  • xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.5
    zypper in -t patch SUSE-2024-910=1 openSUSE-SLE-15.5-2024-910=1
  • SUSE Linux Enterprise Micro 5.5
    zypper in -t patch SUSE-SLE-Micro-5.5-2024-910=1
  • SUSE Linux Enterprise Live Patching 15-SP5
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-910=1
  • SUSE Real Time Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-910=1

Package List:

  • openSUSE Leap 15.5 (noarch)
    • kernel-devel-rt-5.14.21-150500.13.38.1
    • kernel-source-rt-5.14.21-150500.13.38.1
  • openSUSE Leap 15.5 (x86_64)
    • kselftests-kmp-rt-5.14.21-150500.13.38.1
    • kernel-rt-extra-5.14.21-150500.13.38.1
    • kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-livepatch-devel-5.14.21-150500.13.38.1
    • kernel-rt-vdso-5.14.21-150500.13.38.1
    • kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
    • kselftests-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-syms-rt-5.14.21-150500.13.38.1
    • kernel-rt-debugsource-5.14.21-150500.13.38.1
    • kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
    • dlm-kmp-rt-5.14.21-150500.13.38.1
    • kernel-rt_debug-vdso-5.14.21-150500.13.38.1
    • kernel-rt-livepatch-5.14.21-150500.13.38.1
    • gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
    • kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
    • dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • ocfs2-kmp-rt-5.14.21-150500.13.38.1
    • kernel-rt-extra-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
    • kernel-rt_debug-devel-5.14.21-150500.13.38.1
    • reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-devel-5.14.21-150500.13.38.1
    • cluster-md-kmp-rt-5.14.21-150500.13.38.1
    • cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-optional-debuginfo-5.14.21-150500.13.38.1
    • kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
    • kernel-rt-optional-5.14.21-150500.13.38.1
    • gfs2-kmp-rt-5.14.21-150500.13.38.1
    • reiserfs-kmp-rt-5.14.21-150500.13.38.1
    • kernel-rt_debug-livepatch-devel-5.14.21-150500.13.38.1
  • openSUSE Leap 15.5 (nosrc x86_64)
    • kernel-rt_debug-5.14.21-150500.13.38.1
    • kernel-rt-5.14.21-150500.13.38.1
  • SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
    • kernel-rt-5.14.21-150500.13.38.1
  • SUSE Linux Enterprise Micro 5.5 (x86_64)
    • kernel-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-debugsource-5.14.21-150500.13.38.1
  • SUSE Linux Enterprise Micro 5.5 (noarch)
    • kernel-source-rt-5.14.21-150500.13.38.1
  • SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
    • kernel-livepatch-5_14_21-150500_13_38-rt-debuginfo-1-150500.11.3.1
    • kernel-livepatch-SLE15-SP5-RT_Update_11-debugsource-1-150500.11.3.1
    • kernel-livepatch-5_14_21-150500_13_38-rt-1-150500.11.3.1
  • SUSE Real Time Module 15-SP5 (x86_64)
    • kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-vdso-5.14.21-150500.13.38.1
    • kernel-rt-vdso-debuginfo-5.14.21-150500.13.38.1
    • kernel-syms-rt-5.14.21-150500.13.38.1
    • kernel-rt-debugsource-5.14.21-150500.13.38.1
    • dlm-kmp-rt-5.14.21-150500.13.38.1
    • kernel-rt_debug-vdso-5.14.21-150500.13.38.1
    • gfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt_debug-debuginfo-5.14.21-150500.13.38.1
    • dlm-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • ocfs2-kmp-rt-5.14.21-150500.13.38.1
    • kernel-rt_debug-debugsource-5.14.21-150500.13.38.1
    • kernel-rt_debug-devel-5.14.21-150500.13.38.1
    • kernel-rt-devel-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-devel-5.14.21-150500.13.38.1
    • cluster-md-kmp-rt-5.14.21-150500.13.38.1
    • cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt-debuginfo-5.14.21-150500.13.38.1
    • kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.38.1
    • gfs2-kmp-rt-5.14.21-150500.13.38.1
  • SUSE Real Time Module 15-SP5 (noarch)
    • kernel-devel-rt-5.14.21-150500.13.38.1
    • kernel-source-rt-5.14.21-150500.13.38.1
  • SUSE Real Time Module 15-SP5 (nosrc x86_64)
    • kernel-rt_debug-5.14.21-150500.13.38.1
    • kernel-rt-5.14.21-150500.13.38.1

References: