Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:2831-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1249 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2023-1249 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-21102 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-21102 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3090 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-3141 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2023-3141 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2023-3161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3161 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3212 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3212 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3357 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3357 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3358 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3358 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-3389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2023-3389 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
  • CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35823 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2023-35823 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35828 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35828 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35829 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-35829 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • openSUSE Leap 15.4
  • Public Cloud Module 15-SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that solves 16 vulnerabilities, contains one feature and has 33 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
  • CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
  • CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
  • CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
  • CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
  • CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
  • CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
  • CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
  • CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
  • CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
  • CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
  • CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
  • CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
  • CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
  • CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
  • CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).

The following non-security bugs were fixed:

  • ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
  • ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
  • ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256 (git-fixes).
  • ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
  • ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
  • ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
  • ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
  • ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
  • ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
  • ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
  • ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
  • ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
  • ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
  • ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
  • ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
  • ALSA: oss: avoid missing-prototype warnings (git-fixes).
  • ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
  • ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
  • ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
  • ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
  • ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
  • ARM: dts: vexpress: add missing cache properties (git-fixes).
  • ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
  • ASoC: dwc: limit the number of overrun messages (git-fixes).
  • ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
  • ASoC: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
  • ASoC: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
  • ASoC: imx-audmix: check return value of devm_kasprintf() (git-fixes).
  • ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
  • ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
  • ASoC: simple-card: Add missing of_node_put() in case of error (git-fixes).
  • ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
  • ASoC: ssm2602: Add workaround for playback distortions (git-fixes).
  • Also include kernel-docs build requirements for ALP
  • Avoid unsuported tar parameter on SLE12
  • Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
  • Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
  • Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
  • Bluetooth: hci_qca: fix debugfs registration (git-fixes).
  • Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
  • Fix usrmerge error (boo#1211796)
  • Generalize kernel-doc build requirements.
  • Get module prefix from kmod (bsc#1212835).
  • HID: google: add jewel USB id (git-fixes).
  • HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
  • HID: wacom: Add error check to wacom_parse_and_register() (git-fixes).
  • IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
  • IB/isert: Fix dead lock in ib_isert (git-fixes)
  • IB/isert: Fix incorrect release of isert connection (git-fixes)
  • IB/isert: Fix possible list corruption in CMA handler (git-fixes)
  • IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
  • Input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
  • Input: drv260x - fix typo in register value define (git-fixes).
  • Input: drv260x - remove unused .reg_defaults (git-fixes).
  • Input: drv260x - sleep between polling GO bit (git-fixes).
  • Input: fix open count when closing inhibited device (git-fixes).
  • Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
  • Input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
  • Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
  • KVM: arm64: Do not hypercall before EL2 init (git-fixes)
  • KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
  • KVM: arm64: Save PSTATE early on exit (git-fixes)
  • KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
  • Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
  • Move setting %%build_html to config.sh
  • Move setting %%split_optional to config.sh
  • Move setting %%supported_modules_check to config.sh
  • Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
  • PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
  • PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
  • PCI: Release resource invalidated by coalescing (git-fixes).
  • PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
  • PCI: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
  • PCI: ftpci100: Release the clock resources (git-fixes).
  • PCI: pciehp: Cancel bringup sequence if card is not present (git-fixes).
  • PCI: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
  • PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
  • PCI: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
  • PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
  • PCI: rockchip: Set address alignment for endpoint mode (git-fixes).
  • PCI: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
  • PCI: rockchip: Write PCI Device ID to correct register (git-fixes).
  • PCI: vmd: Reset VMD config register between soft reboots (git-fixes).
  • PM: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
  • RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
  • RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
  • RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
  • RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
  • RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
  • RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
  • RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
  • RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
  • RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
  • RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
  • RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
  • RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
  • RDMA/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
  • RDMA/mlx5: Fix affinity assignment (git-fixes)
  • RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
  • RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
  • RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
  • RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
  • RDMA/rxe: Fix packet length checks (git-fixes)
  • RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
  • RDMA/rxe: Fix rxe_cq_post (git-fixes)
  • RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
  • RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
  • RDMA/rxe: Remove the unused variable obj (git-fixes)
  • RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
  • RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
  • RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
  • Remove more packaging cruft for SLE < 12 SP3
  • Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
  • Revert "mtd: rawnand: arasan: Prevent an unsupported configuration" (git-fixes).
  • Revert "net: phy: dp83867: perform soft reset and retain established link" (git-fixes).
  • SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
  • Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
  • Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
  • USB: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
  • USB: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
  • USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
  • USB: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
  • USB: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
  • USB: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
  • USB: dwc3: qcom: Fix potential memory leak (git-fixes).
  • USB: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
  • USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
  • USB: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
  • USB: gadget: udc: fix NULL dereference in remove() (git-fixes).
  • USB: hide unused usbfs_notify_suspend/resume functions (git-fixes).
  • USB: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
  • USB: serial: option: add Quectel EM061KGL series (git-fixes).
  • USB: typec: ucsi: Fix command cancellation (git-fixes).
  • USB: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
  • affs: initialize fsdata in affs_truncate() (git-fixes).
  • amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
  • arm64: Add missing Set/Way CMO encodings (git-fixes).
  • arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
  • arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
  • arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
  • arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
  • arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
  • arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
  • arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
  • arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
  • arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
  • arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
  • ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
  • batman-adv: Broken sync while rescheduling delayed work (git-fixes).
  • bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
  • bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
  • bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
  • bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
  • bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
  • bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
  • bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
  • bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
  • bpf: Add extra path pointer check to d_path helper (git-fixes).
  • bpf: Fix UAF in task local storage (bsc#1212564).
  • bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
  • bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
  • can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
  • can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
  • can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
  • can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
  • can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
  • can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
  • can: length: fix bitstuffing count (git-fixes).
  • can: length: fix description of the RRS field (git-fixes).
  • can: length: make header self contained (git-fixes).
  • ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
  • cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
  • cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
  • cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
  • clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
  • clk: cdce925: check return value of kasprintf() (git-fixes).
  • clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
  • clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
  • clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
  • clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
  • clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
  • clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
  • clk: si5341: free unused memory on probe failure (git-fixes).
  • clk: si5341: return error if one synth clock registration fails (git-fixes).
  • clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
  • clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
  • clk: vc5: check memory returned by kasprintf() (git-fixes).
  • clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
  • crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
  • crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
  • dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
  • dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
  • dmaengine: pl330: rename _start to prevent build error (git-fixes).
  • drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
  • drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
  • drm/amd/display: Add minimal pipe split transition state (git-fixes).
  • drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
  • drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
  • drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
  • drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
  • drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
  • drm/amd/display: edp do not add non-edid timings (git-fixes).
  • drm/amd/display: fix the system hang while disable PSR (git-fixes).
  • drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
  • drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
  • drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
  • drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
  • drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
  • drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
  • drm/amdgpu: release gpu full access after "amdgpu_device_ip_late_init" (git-fixes).
  • drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
  • drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
  • drm/ast: Fix ARM compatibility (git-fixes).
  • drm/bridge: tc358768: always enable HS video mode (git-fixes).
  • drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
  • drm/bridge: tc358768: fix PLL target frequency (git-fixes).
  • drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
  • drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
  • drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
  • drm/exynos: vidi: fix a wrong error return (git-fixes).
  • drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
  • drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
  • drm/i915/selftests: Add some missing error propagation (git-fixes).
  • drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
  • drm/i915/selftests: Stop using kthread_stop() (git-fixes).
  • drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
  • drm/i915: Use 18 fast wake AUX sync len (git-fixes).
  • drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
  • drm/msm/dp: Free resources after unregistering them (git-fixes).
  • drm/msm/dpu: correct MERGE_3D length (git-fixes).
  • drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
  • drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
  • drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
  • drm/msm: Set max segment size earlier (git-fixes).
  • drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
  • drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
  • drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
  • drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
  • drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
  • drm/radeon: fix possible division-by-zero errors (git-fixes).
  • drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
  • drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
  • drm/vram-helper: fix function names in vram helper doc (git-fixes).
  • drm: sun4i_tcon: use devm_clk_get_enabled in sun4i_tcon_init_clocks (git-fixes).
  • drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
  • dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
  • eeprom: at24: also select REGMAP (git-fixes).
  • elf: correct note name comment (git-fixes).
  • ext4: unconditionally enable the i_version counter (bsc#1211299).
  • extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
  • extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
  • extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
  • extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
  • extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
  • extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
  • fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
  • fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
  • fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
  • fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
  • fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
  • fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
  • fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
  • firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
  • firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
  • fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
  • fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
  • fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
  • fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
  • fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
  • fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
  • hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
  • hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
  • hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
  • hfs: fix OOB Read in __hfs_brec_find (git-fixes).
  • hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
  • hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
  • hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
  • hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
  • hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
  • i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
  • i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
  • i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
  • i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
  • iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
  • ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
  • ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
  • ice: Do not double unplug aux on peer initiated reset (git-fixes).
  • ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
  • ice: Fix DSCP PFC TLV creation (git-fixes).
  • ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
  • ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
  • ice: Fix memory corruption in VF driver (git-fixes).
  • ice: Ignore EEXIST when setting promisc mode (git-fixes).
  • ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
  • ice: Reset FDIR counter in FDIR init stage (git-fixes).
  • ice: add profile conflict check for AVF FDIR (git-fixes).
  • ice: block LAN in case of VF to VF offload (git-fixes).
  • ice: config netdev tc before setting queues number (git-fixes).
  • ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
  • ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
  • ice: ethtool: advertise 1000M speeds properly (git-fixes).
  • ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
  • ice: fix wrong fallback logic for FDIR (git-fixes).
  • ice: handle E822 generic device ID in PLDM header (git-fixes).
  • ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
  • ice: use bitmap_free instead of devm_kfree (git-fixes).
  • ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
  • ieee802154: hwsim: Fix possible memory leaks (git-fixes).
  • ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
  • igb: fix bit_shift to be in [1..8] range (git-fixes).
  • igb: fix nvm.ops.read() error handling (git-fixes).
  • igc: Clean the TX buffer and TX descriptor ring (git-fixes).
  • igc: Fix possible system crash when loading module (git-fixes).
  • iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
  • iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
  • iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
  • iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
  • init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
  • init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
  • init: Provide arch_cpu_finalize_init() (bsc#1212448).
  • init: Remove check_bugs() leftovers (bsc#1212448).
  • integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
  • irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
  • irqchip/ftintc010: Mark all function static (git-fixes).
  • irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
  • jfs: Fix fortify moan in symlink (git-fixes).
  • kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the