Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:2820-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
  • CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Basesystem Module 15-SP4
  • Development Tools Module 15-SP4
  • Legacy Module 15-SP4
  • openSUSE Leap 15.4
  • openSUSE Leap Micro 5.3
  • SUSE Linux Enterprise Desktop 15 SP4
  • SUSE Linux Enterprise High Availability Extension 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro for Rancher 5.3
  • SUSE Linux Enterprise Micro for Rancher 5.4
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Workstation Extension 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that solves 16 vulnerabilities, contains two features and has 34 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
  • CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
  • CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
  • CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
  • CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
  • CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
  • CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
  • CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
  • CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
  • CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
  • CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
  • CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
  • CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
  • CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
  • CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
  • CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).

The following non-security bugs were fixed:

  • Drop dvb-core fix patch due to a bug (bsc#1205758).
  • Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
  • Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
  • Fix usrmerge error (boo#1211796).
  • Generalize kernel-doc build requirements.
  • Get module prefix from kmod (bsc#1212835).
  • Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
  • Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git-fixes).
  • Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes).
  • Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
  • Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253).
  • acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
  • affs: initialize fsdata in affs_truncate() (git-fixes).
  • alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
  • alsa: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes).
  • alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
  • alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
  • alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
  • alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
  • alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
  • alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
  • alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
  • alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
  • alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
  • alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
  • alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
  • alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
  • alsa: oss: avoid missing-prototype warnings (git-fixes).
  • alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
  • alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
  • amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
  • arm64: Add missing Set/Way CMO encodings (git-fixes).
  • arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
  • arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
  • arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
  • arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
  • arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
  • arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
  • arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
  • arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
  • arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
  • arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
  • arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
  • arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
  • arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
  • arm: dts: vexpress: add missing cache properties (git-fixes).
  • asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
  • asoc: dwc: limit the number of overrun messages (git-fixes).
  • asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
  • asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
  • asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
  • asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
  • asoc: mediatek: mt8173: Fix irq error path (git-fixes).
  • asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
  • asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
  • asoc: soc-pcm: test if a BE can be prepared (git-fixes).
  • asoc: ssm2602: Add workaround for playback distortions (git-fixes).
  • ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
  • batman-adv: Broken sync while rescheduling delayed work (git-fixes).
  • binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
  • bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
  • bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
  • bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
  • bluetooth: hci_qca: fix debugfs registration (git-fixes).
  • bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
  • bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
  • bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
  • bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
  • bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
  • bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
  • bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
  • bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
  • bpf: Add extra path pointer check to d_path helper (git-fixes).
  • bpf: Fix UAF in task local storage (bsc#1212564).
  • btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
  • bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
  • bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
  • can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
  • can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
  • can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
  • can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
  • can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
  • can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
  • can: length: fix bitstuffing count (git-fixes).
  • can: length: fix description of the RRS field (git-fixes).
  • can: length: make header self contained (git-fixes).
  • ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
  • cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
  • cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
  • cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
  • clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
  • clk: cdce925: check return value of kasprintf() (git-fixes).
  • clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
  • clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
  • clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
  • clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
  • clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
  • clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
  • clk: si5341: free unused memory on probe failure (git-fixes).
  • clk: si5341: return error if one synth clock registration fails (git-fixes).
  • clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
  • clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
  • clk: vc5: check memory returned by kasprintf() (git-fixes).
  • clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
  • crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
  • crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
  • dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
  • dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
  • dmaengine: pl330: rename _start to prevent build error (git-fixes).
  • drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
  • drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
  • drm/amd/display: Add minimal pipe split transition state (git-fixes).
  • drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
  • drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
  • drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
  • drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
  • drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
  • drm/amd/display: edp do not add non-edid timings (git-fixes).
  • drm/amd/display: fix the system hang while disable PSR (git-fixes).
  • drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
  • drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
  • drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
  • drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
  • drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
  • drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
  • drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git-fixes).
  • drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
  • drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
  • drm/ast: Fix ARM compatibility (git-fixes).
  • drm/bridge: tc358768: always enable HS video mode (git-fixes).
  • drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
  • drm/bridge: tc358768: fix PLL target frequency (git-fixes).
  • drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
  • drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
  • drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
  • drm/exynos: vidi: fix a wrong error return (git-fixes).
  • drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
  • drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
  • drm/i915/selftests: Add some missing error propagation (git-fixes).
  • drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
  • drm/i915/selftests: Stop using kthread_stop() (git-fixes).
  • drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
  • drm/i915: Use 18 fast wake AUX sync len (git-fixes).
  • drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
  • drm/msm/dp: Free resources after unregistering them (git-fixes).
  • drm/msm/dpu: correct MERGE_3D length (git-fixes).
  • drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
  • drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
  • drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
  • drm/msm: Set max segment size earlier (git-fixes).
  • drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
  • drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
  • drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
  • drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
  • drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
  • drm/radeon: fix possible division-by-zero errors (git-fixes).
  • drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
  • drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
  • drm/vram-helper: fix function names in vram helper doc (git-fixes).
  • drm: sun4i_tcon: use devm_clk_get_enabled in sun4i_tcon_init_clocks (git-fixes).
  • drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
  • dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
  • eeprom: at24: also select REGMAP (git-fixes).
  • elf: correct note name comment (git-fixes).
  • ext4: unconditionally enable the i_version counter (bsc#1211299).
  • extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
  • extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
  • extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
  • extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
  • extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
  • extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
  • fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
  • fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
  • fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
  • fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
  • fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
  • fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
  • fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
  • firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
  • firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
  • fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
  • fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
  • fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
  • fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
  • fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
  • fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
  • gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212).
  • hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
  • hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
  • hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
  • hfs: fix OOB Read in __hfs_brec_find (git-fixes).
  • hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
  • hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
  • hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
  • hid: google: add jewel USB id (git-fixes).
  • hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
  • hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
  • hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
  • hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
  • hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
  • i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
  • i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
  • i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
  • i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
  • iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
  • ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
  • ib/isert: Fix dead lock in ib_isert (git-fixes)
  • ib/isert: Fix incorrect release of isert connection (git-fixes)
  • ib/isert: Fix possible list corruption in CMA handler (git-fixes)
  • ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
  • ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
  • ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
  • ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
  • ice: Do not double unplug aux on peer initiated reset (git-fixes).
  • ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
  • ice: Fix DSCP PFC TLV creation (git-fixes).
  • ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
  • ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
  • ice: Fix memory corruption in VF driver (git-fixes).
  • ice: Ignore EEXIST when setting promisc mode (git-fixes).
  • ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
  • ice: Reset FDIR counter in FDIR init stage (git-fixes).
  • ice: add profile conflict check for AVF FDIR (git-fixes).
  • ice: block LAN in case of VF to VF offload (git-fixes).
  • ice: config netdev tc before setting queues number (git-fixes).
  • ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
  • ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
  • ice: ethtool: advertise 1000M speeds properly (git-fixes).
  • ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
  • ice: fix wrong fallback logic for FDIR (git-fixes).
  • ice: handle E822 generic device ID in PLDM header (git-fixes).
  • ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
  • ice: use bitmap_free instead of devm_kfree (git-fixes).
  • ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
  • ieee802154: hwsim: Fix possible memory leaks (git-fixes).
  • ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
  • igb: fix bit_shift to be in [1..8] range (git-fixes).
  • igb: fix nvm.ops.read() error handling (git-fixes).
  • igc: Clean the TX buffer and TX descriptor ring (git-fixes).
  • igc: Fix possible system crash when loading module (git-fixes).
  • iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
  • iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
  • iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
  • iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
  • init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
  • init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
  • init: Provide arch_cpu_finalize_init() (bsc#1212448).
  • init: Remove check_bugs() leftovers (bsc#1212448).
  • input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
  • input: drv260x - fix typo in register value define (git-fixes).
  • input: drv260x - remove unused .reg_defaults (git-fixes).
  • input: drv260x - sleep between polling GO bit (git-fixes).
  • input: fix open count when closing inhibited device (git-fixes).
  • input: psmouse - fix OOB access in Elantech protocol (git-fixes).
  • input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
  • input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
  • integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
  • io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389).
  • ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
  • irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
  • irqchip/ftintc010: Mark all function static (git-fixes).
  • irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
  • jfs: Fix fortify moan in symlink (git-fixes).
  • kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
  • kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
  • kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
  • kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
  • kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
  • kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
  • kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
  • kprobes: Prohibit probes in gate area (git-fixes).
  • kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
  • kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
  • kvm: arm64: Do not hypercall before EL2 init (git-fixes)
  • kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
  • kvm: arm64: Save PSTATE early on exit (git-fixes)
  • kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
  • lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
  • lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
  • lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
  • lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
  • lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
  • lpfc: Enhance congestion statistics collection (bsc#1211852).
  • lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
  • lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
  • lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
  • mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
  • mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
  • mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
  • media: cec: core: do not set last_initiator if tx in progress (git-fixes).
  • media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
  • media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
  • media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
  • media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
  • media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
  • media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
  • media: dvb_ca_en50221: fix a size write bug (git-fixes).
  • media: dvb_demux: fix a bug for the continuity counter (git-fixes).
  • media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
  • media: netup_unidvb: fix irq init by