SLFO-pool/kernel-source
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main kernel-source revision 11c1673579408708be78b0db6ad91605

Browse Source
This commit is contained in:
Adrian Schröter
2025-01-16 10:17:48 +01:00
parent b646ba9db9
commit d6e33cb079
26 changed files with 10543 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
config.tar.bz2 (Stored with Git LFS)
View File

Binary file not shown.

948
dtb-aarch64.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

2
dtb-aarch64.spec
View File

@@ -27,7 +27,7 @@
Name: dtb-aarch64
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-64kb.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-64kb.spec
View File

@@ -19,7 +19,7 @@
%define srcversion 6.12
%define patchversion 6.12.0
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%define compress_modules zstd
%define compress_vmlinux xz
@@ -39,7 +39,7 @@
Name: kernel-64kb
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-debug.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-debug.spec
View File

@@ -19,7 +19,7 @@
%define srcversion 6.12
%define patchversion 6.12.0
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%define compress_modules zstd
%define compress_vmlinux xz
@@ -39,7 +39,7 @@
Name: kernel-debug
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-default.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-default.spec
View File

@@ -19,7 +19,7 @@
%define srcversion 6.12
%define patchversion 6.12.0
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%define compress_modules zstd
%define compress_vmlinux xz
@@ -39,7 +39,7 @@
Name: kernel-default
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-docs.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-docs.spec
View File

@@ -18,7 +18,7 @@
%define srcversion 6.12
%define patchversion 6.12.0
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%define build_html 1
%define build_pdf 0
@@ -30,7 +30,7 @@
Name: kernel-docs
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-kvmsmall.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-kvmsmall.spec
View File

@@ -19,7 +19,7 @@
%define srcversion 6.12
%define patchversion 6.12.0
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%define compress_modules zstd
%define compress_vmlinux xz
@@ -39,7 +39,7 @@
Name: kernel-kvmsmall
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-obs-build.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-obs-build.spec
View File

@@ -38,7 +38,7 @@
%endif
%endif
%endif
%global kernel_package kernel%kernel_flavor-srchash-f4110803f5745e96198dcbd8132e022e9048aaf6
%global kernel_package kernel%kernel_flavor-srchash-ed291891ed2804d2dd249f8063da18005e59bab4
%endif
%if 0%{?rhel_version}
%global kernel_package kernel
@@ -47,7 +47,7 @@
Name: kernel-obs-build
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-obs-qa.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

2
kernel-obs-qa.spec
View File

@@ -25,7 +25,7 @@
Name: kernel-obs-qa
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-source.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-source.spec
View File

@@ -18,7 +18,7 @@
%define srcversion 6.12
%define patchversion 6.12.0
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -28,7 +28,7 @@
Name: kernel-source
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-syms.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-syms.spec
View File

@@ -16,7 +16,7 @@
#
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -25,7 +25,7 @@ Name: kernel-syms
Version: 6.12.0
%if %using_buildservice
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

948
kernel-zfcpdump.changes
View File

@@ -1,3 +1,893 @@
-------------------------------------------------------------------
Tue Jan 14 15:33:20 CET 2025 - jack@suse.cz
- Enable CONFIG_BUG_ON_DATA_CORRUPTION (jsc#PED-11849)
- commit ad832d9
-------------------------------------------------------------------
Tue Jan 14 15:19:57 CET 2025 - mfranc@suse.cz
- Remove superflous References tags.
- Refresh
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch.
- Refresh
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch.
- commit 53733e1
-------------------------------------------------------------------
Tue Jan 14 13:36:21 CET 2025 - dsterba@suse.com
- Delete patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch (bsc#1235128)
- commit 6ac27ed
-------------------------------------------------------------------
Tue Jan 14 13:30:56 CET 2025 - mgorman@suse.de
- Update config files.
Disable HARDENED_USERCOPY by default but can be re-enabled via the kernel
command line.
- commit b89f0e3
-------------------------------------------------------------------
Tue Jan 14 13:14:11 CET 2025 - mgorman@suse.de
- mm: security: Allow default HARDENED_USERCOPY to be set at
compile time (jsc#PED-11838).
- mm: security: Move hardened usercopy under 'Kernel hardening
options' (jsc#PED-11838).
- commit 6f73ffe
-------------------------------------------------------------------
Mon Jan 13 21:30:48 CET 2025 - krisman@suse.de
- Update
patches.suse/ACPI-x86-Add-adev-NULL-check-to-acpi_quirk_skip_serd.patch
(stable-fixes CVE-2024-56782 bsc#1235629).
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(git-fixes CVE-2024-53239 bsc#1235054).
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-control-Avoid-WARN-for-symlink-errors.patch
(git-fixes CVE-2024-56657 bsc#1235432).
- Update
patches.suse/ALSA-core-Fix-possible-NULL-dereference-caused-by-ku.patch
(git-fixes CVE-2024-56696 bsc#1235539).
- Update
patches.suse/ALSA-memalloc-prefer-dma_mapping_error-over-explicit.patch
(git-fixes CVE-2024-57800 bsc#1235772).
- Update
patches.suse/ALSA-pcm-Add-sanity-NULL-check-for-the-default-mmap-.patch
(stable-fixes CVE-2024-53180 bsc#1234929).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usb-audio-Fix-out-of-bounds-reads-when-finding-.patch
(stable-fixes CVE-2024-53150 bsc#1234834).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-out-of-bound-accesses-f.patch
(git-fixes CVE-2024-53197 bsc#1235464).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/ASoC-Intel-sof_sdw-Add-space-for-a-terminator-into-D.patch
(git-fixes CVE-2024-57880 bsc#1235800).
- Update
patches.suse/ASoC-SOF-Intel-hda-dai-Do-not-release-the-link-DMA-o.patch
(git-fixes CVE-2024-57805 bsc#1235790).
- Update
patches.suse/ASoC-imx-audmix-Add-NULL-check-in-imx_audmix_probe.patch
(git-fixes CVE-2024-53199 bsc#1234967).
- Update
patches.suse/ASoC-mediatek-Check-num_codecs-is-not-zero-to-avoid-.patch
(git-fixes CVE-2024-56685 bsc#1235561).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(stable-fixes CVE-2024-56605 bsc#1235061).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-deadlocks.patch
(git-fixes CVE-2024-53207 bsc#1234907).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-RFCOMM-avoid-leaving-dangling-sk-pointer-i.patch
(stable-fixes CVE-2024-56604 bsc#1235056).
- Update
patches.suse/Bluetooth-btmtk-adjust-the-position-to-init-iso-data.patch
(git-fixes CVE-2024-53238 bsc#1234910).
- Update
patches.suse/Bluetooth-btmtk-avoid-UAF-in-btmtk_process_coredump.patch
(git-fixes CVE-2024-56653 bsc#1235531).
- Update
patches.suse/Bluetooth-btusb-mediatek-add-intf-release-flow-when-.patch
(stable-fixes CVE-2024-56757 bsc#1235619).
- Update
patches.suse/Bluetooth-fix-use-after-free-in-device_for_each_chil.patch
(git-fixes CVE-2024-53237 bsc#1235007).
- Update
patches.suse/Bluetooth-hci_conn-Use-disable_delayed_work_sync.patch
(stable-fixes CVE-2024-56591 bsc#1235052).
- Update
patches.suse/Bluetooth-hci_core-Fix-not-checking-skb-length-on-hc.patch
(stable-fixes CVE-2024-56590 bsc#1235038).
- Update
patches.suse/Bluetooth-hci_event-Fix-using-rcu_read_-un-lock-whil.patch
(git-fixes CVE-2024-56654 bsc#1235532).
- Update
patches.suse/Bluetooth-iso-Always-release-hdev-at-the-end-of-iso_.patch
(git-fixes CVE-2024-57879 bsc#1235802).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_conn_big_sync.patch
(git-fixes CVE-2024-54191 bsc#1235717).
- Update
patches.suse/Bluetooth-iso-Fix-circular-lock-in-iso_listen_bis.patch
(git-fixes CVE-2024-54460 bsc#1235722).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update
patches.suse/NFSD-Prevent-a-potential-integer-overflow.patch
(git-fixes CVE-2024-53146 bsc#1234853).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(git-fixes CVE-2024-53173 bsc#1234891).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/PCI-Fix-use-after-free-of-slot-bus-on-hot-remove.patch
(stable-fixes CVE-2024-53194 bsc#1235459).
- Update
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
(git-fixes CVE-2024-56760 bsc#1235616).
- Update
patches.suse/PCI-endpoint-Fix-PCI-domain-ID-release-in-pci_epc_de.patch
(git-fixes CVE-2024-56561 bsc#1235105).
- Update
patches.suse/PCI-endpoint-epf-mhi-Avoid-NULL-dereference-if-DT-la.patch
(git-fixes CVE-2024-56689 bsc#1235543).
- Update
patches.suse/PCI-imx6-Fix-suspend-resume-support-on-i.MX6QDL.patch
(stable-fixes CVE-2024-57809 bsc#1235793).
- Update
patches.suse/PCI-qcom-ep-Move-controller-cleanups-to-qcom_pcie_pe.patch
(git-fixes CVE-2024-53153 bsc#1234830).
- Update
patches.suse/PCI-tegra194-Move-controller-cleanups-to-pex_ep_even.patch
(git-fixes CVE-2024-53152 bsc#1234841).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(jsc#PED-11250 CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(jsc#PED-11323 CVE-2024-53229 bsc#1234905).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/accel-ivpu-Fix-WARN-in-ivpu_ipc_send_receive_interna.patch
(git-fixes CVE-2024-54193 bsc#1235713).
- Update
patches.suse/accel-ivpu-Fix-general-protection-fault-in-ivpu_bo_l.patch
(git-fixes CVE-2024-54455 bsc#1235719).
- Update
patches.suse/accel-ivpu-Prevent-recovery-invocation-during-probe-.patch
(git-fixes CVE-2024-56540 bsc#1235063).
- Update
patches.suse/acpi-nfit-vmalloc-out-of-bounds-Read-in-acpi_nfit_ct.patch
(git-fixes CVE-2024-56662 bsc#1235533).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#123541 bsc#1235417).
- Update
patches.suse/apparmor-test-Fix-memory-leak-for-aa_unpack_strdup.patch
(git-fixes CVE-2024-56741 bsc#1235502).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_FPMR.patch
(git-fixes CVE-2024-57878 bsc#1235803).
- Update
patches.suse/arm64-ptrace-fix-partial-SETREGSET-for-NT_ARM_POE.patch
(git-fixes CVE-2024-57877 bsc#1235804).
- Update
patches.suse/blk-cgroup-Fix-UAF-in-blkcg_unpin_online.patch
(bsc#1234726 CVE-2024-56672 bsc#1235534).
- Update
patches.suse/bnxt_en-Fix-aggregation-ID-mask-to-prevent-oops-on-5.patch
(jsc#PED-10684 jsc#PED-11230 CVE-2024-56656 bsc#1235444).
- Update
patches.suse/cacheinfo-Allocate-memory-during-CPU-hotplug-if-not-done-f.patch
(jsc#PED-10467 CVE-2024-56617 bsc#1235429).
- Update
patches.suse/can-dev-can_set_termination-allow-sleeping-GPIOs.patch
(git-fixes CVE-2024-56625 bsc#1235223).
- Update
patches.suse/can-hi311x-hi3110_can_ist-fix-potential-use-after-fr.patch
(git-fixes CVE-2024-56651 bsc#1235528).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/clk-clk-apple-nco-Add-NULL-check-in-applnco_probe.patch
(git-fixes CVE-2024-53154 bsc#1234826).
- Update
patches.suse/clk-clk-loongson2-Fix-memory-corruption-bug-in-struc.patch
(git-fixes CVE-2024-53193 bsc#1234902).
- Update
patches.suse/clk-clk-loongson2-Fix-potential-buffer-overflow-in-f.patch
(git-fixes CVE-2024-53192 bsc#1234956).
- Update
patches.suse/clk-ralink-mtmips-fix-clocks-probe-order-in-oldest-r.patch
(git-fixes CVE-2024-53223 bsc#1234976).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(git-fixes CVE-2024-56690 bsc#1235428).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-qat_4xxx-fix-off-by-one-in-uof_get_name.patch
(git-fixes CVE-2024-53162 bsc#1234843).
- Update
patches.suse/dlm-fix-dlm_recover_members-refcount-on-error.patch
(git-fixes CVE-2024-56749 bsc#1235628).
- Update
patches.suse/dlm-fix-possible-lkb_resource-null-dereference.patch
(git-fixes CVE-2024-47809 bsc#1235714).
- Update
patches.suse/dma-debug-fix-a-possible-deadlock-on-radix_lock.patch
(stable-fixes CVE-2024-47143 bsc#1235710).
- Update
patches.suse/dmaengine-at_xdmac-avoid-null_prt_deref-in-at_xdmac_.patch
(git-fixes CVE-2024-56767 bsc#1235160).
- Update
patches.suse/drivers-soc-xilinx-add-the-missing-kfree-in-xlnx_add.patch
(git-fixes CVE-2024-56546 bsc#1235070).
- Update
patches.suse/drm-amd-display-Adding-array-index-check-to-prevent-.patch
(stable-fixes CVE-2024-56784 bsc#1235654).
- Update
patches.suse/drm-amd-display-Fix-handling-of-plane-refcount.patch
(stable-fixes CVE-2024-56775 bsc#1235657).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-2bc96c9.patch
(git-fixes CVE-2024-53200 bsc#1234968).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st.patch
(git-fixes CVE-2024-53201 bsc#1234969).
- Update
patches.suse/drm-amd-display-Fix-out-of-bounds-access-in-dcn21_li.patch
(stable-fixes CVE-2024-56608 bsc#1235487).
- Update
patches.suse/drm-amd-display-fix-a-memleak-issue-when-driver-is-r.patch
(git-fixes CVE-2024-56542 bsc#1234908).
- Update
patches.suse/drm-amdgpu-Fix-the-memory-allocation-issue-in-amdgpu.patch
(git-fixes CVE-2024-56697 bsc#1235544).
- Update patches.suse/drm-amdgpu-don-t-access-invalid-sched.patch
(git-fixes CVE-2024-46896 bsc#1235707).
- Update patches.suse/drm-amdgpu-fix-usage-slab-after-free.patch
(stable-fixes CVE-2024-56551 bsc#1235075).
- Update
patches.suse/drm-amdgpu-gfx9-Add-Cleaner-Shader-Deinitialization-.patch
(git-fixes CVE-2024-56753 bsc#1235631).
- Update
patches.suse/drm-amdgpu-set-the-right-AMDGPU-sg-segment-limitatio.patch
(stable-fixes CVE-2024-56594 bsc#1235413).
- Update
patches.suse/drm-amdkfd-Dereference-null-return-value.patch
(git-fixes CVE-2024-56666 bsc#1235242).
- Update
patches.suse/drm-amdkfd-Use-dynamic-allocation-for-CU-occupancy-a.patch
(git-fixes CVE-2024-56695 bsc#1235541).
- Update
patches.suse/drm-dp_mst-Fix-MST-sideband-message-body-length-chec.patch
(stable-fixes CVE-2024-56616 bsc#1235427).
- Update
patches.suse/drm-i915-Fix-NULL-pointer-dereference-in-capture_eng.patch
(git-fixes CVE-2024-56667 bsc#1235016).
- Update
patches.suse/drm-modes-Avoid-divide-by-zero-harder-in-drm_mode_vr.patch
(stable-fixes CVE-2024-56369 bsc#1235750).
- Update
patches.suse/drm-nouveau-gr-gf100-Fix-missing-unlock-in-gf100_gr_.patch
(git-fixes CVE-2024-56752 bsc#1234937).
- Update
patches.suse/drm-panel-himax-hx83102-Add-a-check-to-prevent-NULL-.patch
(git-fixes CVE-2024-56711 bsc#1235562).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/drm-vc4-hdmi-Avoid-hang-with-debug-registers-when-su.patch
(git-fixes CVE-2024-56683 bsc#1235497).
- Update
patches.suse/drm-xe-guc_submit-fix-race-around-suspend_pending.patch
(git-fixes CVE-2024-56552 bsc#1235071).
- Update patches.suse/drm-xe-reg_sr-Remove-register-pool.patch
(git-fixes CVE-2024-56652 bsc#1235529).
- Update
patches.suse/drm-xlnx-zynqmp_disp-layer-may-be-null-while-releasi.patch
(git-fixes CVE-2024-56537 bsc#1235049).
- Update
patches.suse/drm-zynqmp_kms-Unplug-DRM-device-before-removal.patch
(git-fixes CVE-2024-56538 bsc#1235051).
- Update
patches.suse/efi-libstub-Free-correct-pointer-on-failure.patch
(git-fixes CVE-2024-56573 bsc#1235042).
- Update
patches.suse/erofs-fix-blksize-PAGE_SIZE-for-file-backed-mounts.patch
(git-fixes CVE-2024-56750 bsc#1235630).
- Update patches.suse/erofs-fix-file-backed-mounts-over-FUSE.patch
(git-fixes CVE-2024-53235 bsc#1234998).
- Update
patches.suse/erofs-handle-NONHEAD-delta-1-lclusters-gracefully.patch
(git-fixes CVE-2024-53234 bsc#1235045).
- Update
patches.suse/exfat-fix-out-of-bounds-access-of-directory-entries.patch
(git-fixes CVE-2024-53147 bsc#1234857).
- Update
patches.suse/fbdev-sh7760fb-Fix-a-possible-memory-leak-in-sh7760f.patch
(git-fixes CVE-2024-56746 bsc#1235622).
- Update
patches.suse/firmware-arm_scpi-Check-the-DVFS-OPP-count-returned-.patch
(git-fixes CVE-2024-53157 bsc#1234827).
- Update
patches.suse/firmware_loader-Fix-possible-resource-leak-in-fw_log.patch
(git-fixes CVE-2024-53202 bsc#1234970).
- Update
patches.suse/gpio-graniterapids-Fix-vGPIO-driver-crash.patch
(stable-fixes CVE-2024-56671 bsc#1235018).
- Update
patches.suse/gpio-grgpio-Add-NULL-check-in-grgpio_probe.patch
(git-fixes CVE-2024-56634 bsc#1235486).
- Update
patches.suse/i3c-Use-i3cdev-desc-info-instead-of-calling-i3c_devi.patch
(stable-fixes CVE-2024-43098 bsc#1235703).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i3c-mipi-i3c-hci-Mask-ring-interrupts-before-ring-st.patch
(stable-fixes CVE-2024-45828 bsc#1235705).
- Update
patches.suse/igb-Fix-potential-invalid-memory-access-in-igb_init_.patch
(jsc#PED-10426 jsc#PED-10425 CVE-2024-52332 bsc#1235700).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/io_uring-check-for-overflows-in-io_pin_pages.patch
(git-fixes CVE-2024-53187 bsc#1234947).
- Update
patches.suse/io_uring-check-if-iowq-is-killed-before-queuing.patch
(git-fixes CVE-2024-56709 bsc#1235552).
- Update
patches.suse/io_uring-tctx-work-around-xa_store-allocation-error-.patch
(git-fixes CVE-2024-56584 bsc#1235117).
- Update patches.suse/iommu-s390-Implement-blocking-domain.patch
(git-fixes bsc#1234350 CVE-2024-53232 bsc#1235050).
- Update
patches.suse/iommufd-Fix-out_fput-in-iommufd_fault_alloc.patch
(git-fixes CVE-2024-56624 bsc#1235469).
- Update
patches.suse/ionic-Fix-netdev-notifier-unregister-on-failure.patch
(jsc#PED-11378 CVE-2024-56715 bsc#1235612).
- Update patches.suse/ionic-no-double-destroy-workqueue.patch
(jsc#PED-11378 CVE-2024-56714 bsc#1235558).
- Update
patches.suse/irqchip-riscv-aplic-Prevent-crash-when-MSI-domain-is.patch
(git-fixes CVE-2024-56682 bsc#1235559).
- Update
patches.suse/kcsan-Turn-report_filterlist_lock-into-a-raw_spinloc.patch
(stable-fixes CVE-2024-56610 bsc#1235390).
- Update
patches.suse/kunit-Fix-potential-null-dereference-in-kunit_device.patch
(git-fixes CVE-2024-56773 bsc#1235594).
- Update
patches.suse/kunit-string-stream-Fix-a-UAF-bug-in-kunit_init_suit.patch
(git-fixes CVE-2024-56772 bsc#1235651).
- Update
patches.suse/leds-class-Protect-brightness_show-with-led_cdev-led.patch
(stable-fixes CVE-2024-56587 bsc#1235125).
- Update
patches.suse/mailbox-mtk-cmdq-fix-wrong-use-of-sizeof-in-cmdq_get.patch
(git-fixes CVE-2024-56684 bsc#1235560).
- Update
patches.suse/media-atomisp-Add-check-for-rgby_data-memory-allocat.patch
(git-fixes CVE-2024-56705 bsc#1235568).
- Update
patches.suse/media-dvb-frontends-dib3000mb-fix-uninit-value-in-di.patch
(git-fixes CVE-2024-56769 bsc#1235155).
- Update
patches.suse/media-i2c-tc358743-Fix-crash-in-the-probe-error-path.patch
(git-fixes CVE-2024-56576 bsc#1235019).
- Update
patches.suse/media-imx-jpeg-Ensure-power-suppliers-be-suspended-b.patch
(git-fixes CVE-2024-56575 bsc#1235039).
- Update
patches.suse/media-imx-jpeg-Set-video-drvdata-before-register-vid.patch
(git-fixes CVE-2024-56578 bsc#1235115).
- Update
patches.suse/media-intel-ipu6-do-not-handle-interrupts-when-devic.patch
(git-fixes CVE-2024-56680 bsc#1235556).
- Update
patches.suse/media-mtk-jpeg-Fix-null-ptr-deref-during-unload-modu.patch
(git-fixes CVE-2024-56577 bsc#1235112).
- Update
patches.suse/media-platform-allegro-dvt-Fix-possible-memory-leak-.patch
(git-fixes CVE-2024-56572 bsc#1235043).
- Update
patches.suse/media-qcom-camss-fix-error-path-on-configuration-of-.patch
(git-fixes CVE-2024-56580 bsc#1235114).
- Update
patches.suse/media-ts2020-fix-null-ptr-deref-in-ts2020_probe.patch
(git-fixes CVE-2024-56574 bsc#1235040).
- Update
patches.suse/media-uvcvideo-Require-entities-to-have-a-non-zero-u.patch
(git-fixes CVE-2024-56571 bsc#1235037).
- Update
patches.suse/media-wl128x-Fix-atomicity-violation-in-fmc_send_cmd.patch
(git-fixes CVE-2024-56700 bsc#1235500).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-PMIC-dev.patch
(git-fixes CVE-2024-56723 bsc#1235571).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-TMU-devi.patch
(git-fixes CVE-2024-56724 bsc#1235577).
- Update
patches.suse/mfd-intel_soc_pmic_bxtwc-Use-IRQ-domain-for-USB-Type.patch
(git-fixes CVE-2024-56691 bsc#1235425).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3082-HID-hyperv-streamline-driver-probe-to-avoid-devres-i.patch
(git-fixes CVE-2024-56545 bsc#1235069).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_us.patch
(git-fixes CVE-2024-56766 bsc#1235219).
- Update
patches.suse/mtd-spinand-winbond-Fix-512GW-01GW-01JW-and-02JW-ECC.patch
(git-fixes CVE-2024-56771 bsc#1235649).
- Update
patches.suse/net-mlx5-DR-prevent-potential-error-pointer-derefere.patch
(jsc#PED-11331 CVE-2024-56660 bsc#1235437).
- Update
patches.suse/net-usb-lan78xx-Fix-double-free-issue-with-interrupt.patch
(git-fixes CVE-2024-53213 bsc#1234973).
- Update
patches.suse/nfs-blocklayout-Don-t-attempt-unregister-for-invalid-block-device.patch
(git-fixes CVE-2024-53167 bsc#1234886).
- Update
patches.suse/nfs-localio-must-clear-res.replen-in-nfs_local_read_done.patch
(git-fixes CVE-2024-56740 bsc#1234932).
- Update
patches.suse/nfs_common-must-not-hold-RCU-while-calling-nfsd_file_put_local.patch
(git-fixes CVE-2024-56743 bsc#1235614).
- Update
patches.suse/nfsd-fix-nfs4_openowner-leak-when-concurrent-nfsd4_open-occur.patch
(git-fixes CVE-2024-56779 bsc#1235632).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/nvme-rdma-unquiesce-admin_q-before-destroy-it.patch
(git-fixes CVE-2024-49569 bsc#1235730).
- Update
patches.suse/nvme-tcp-fix-the-memleak-while-create-new-ctrl-faile.patch
(git-fixes CVE-2024-56632 bsc#1235483).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-cn10.patch
(jsc#PED-11317 CVE-2024-56726 bsc#1235582).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-69297b0d.patch
(jsc#PED-11317 CVE-2024-56725 bsc#1235578).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-bd3110bc.patch
(jsc#PED-11317 CVE-2024-56727 bsc#1235583).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-e26f8eac.patch
(jsc#PED-11317 CVE-2024-56728 bsc#1235656).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2-f5b942e6.patch
(jsc#PED-11317 CVE-2024-56707 bsc#1235545).
- Update
patches.suse/octeontx2-pf-handle-otx2_mbox_get_rsp-errors-in-otx2.patch
(jsc#PED-11317 CVE-2024-56679 bsc#1235498).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb2phy_probe.patch
(git-fixes CVE-2024-53205 bsc#1234954).
- Update
patches.suse/phy-realtek-usb-fix-NULL-deref-in-rtk_usb3phy_probe.patch
(git-fixes CVE-2024-53204 bsc#1234955).
- Update
patches.suse/phy-rockchip-samsung-hdptx-Set-drvdata-before-enabli.patch
(git-fixes CVE-2024-57799 bsc#1235770).
- Update
patches.suse/pinmux-Use-sequential-access-to-access-desc-pinmux-d.patch
(stable-fixes CVE-2024-47141 bsc#1235708).
- Update
patches.suse/pmdomain-imx-gpcv2-Adjust-delay-after-power-up-hands.patch
(git-fixes CVE-2024-56618 bsc#1235465).
- Update
patches.suse/power-supply-gpio-charger-Fix-set-charge-current-lim.patch
(git-fixes CVE-2024-57792 bsc#1235764).
- Update
patches.suse/powerpc-fadump-Move-fadump_cma_init-to-setup_arch-af.patch
(bsc#1215199 CVE-2024-56677 bsc#1235494).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update patches.suse/regulator-axp20x-AXP717-set-ramp_delay.patch
(git-fixes CVE-2024-53682 bsc#1235718).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/s390-cpum_sf-Fix-and-protect-memory-allocation-of-SDBs-with-mutex.patch
(git-fixes bsc#1234348 CVE-2024-56706 bsc#1235586).
- Update
patches.suse/s390-entry-Mark-IRQ-entries-to-fix-stack-depot-warnings.patch
(git-fixes bsc#1234356 CVE-2024-57838 bsc#1235798).
- Update
patches.suse/s390-iucv-MSG_PEEK-causes-memory-leak-in-iucv_sock_destruct.patch
(git-fixes bsc#1234351 CVE-2024-53210 bsc#1234971).
- Update
patches.suse/s390-pci-Fix-potential-double-remove-of-hotplug-slot.patch
(git-fixes bsc#1234354 CVE-2024-56699 bsc#1235490).
- Update
patches.suse/sched-deadline-Fix-warning-in-migrate_enable-for-boosted-tasks.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-56583 bsc#1235118).
- Update patches.suse/sched-fair-Fix-NEXT_BUDDY.patch (bsc#1234634
(Scheduler functional and performance backports) CVE-2024-49573
bsc#1235743).
- Update patches.suse/sched-fix-warning-in-sched_setaffinity.patch
(bsc#1234634 (Scheduler functional and performance backports)
CVE-2024-41932 bsc#1235699).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(jsc#PED-11259 CVE-2024-57807 bsc#1235761).
- Update
patches.suse/scsi-qla2xxx-Fix-use-after-free-on-unload.patch
(bsc#1235406 CVE-2024-56623 bsc#1235466).
- Update
patches.suse/soc-imx8m-Probe-the-SoC-driver-as-platform-driver.patch
(stable-fixes CVE-2024-56787 bsc#1235663).
- Update
patches.suse/soc-qcom-geni-se-fix-array-underflow-in-geni_se_clk_.patch
(git-fixes CVE-2024-53158 bsc#1234811).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update
patches.suse/sunrpc-clear-XPRT_SOCK_UPD_TIMEOUT-when-reset-transport.patch
(git-fixes CVE-2024-56688 bsc#1235538).
- Update
patches.suse/sunrpc-fix-one-UAF-issue-caused-by-sunrpc-kernel-tcp-socket.patch
(git-fixes CVE-2024-53168 bsc#1234887).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/thermal-testing-Initialize-some-variables-annoteded-.patch
(git-fixes CVE-2024-56676 bsc#1235493).
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- Update patches.suse/unicode-Fix-utf8_load-error-path.patch
(git-fixes CVE-2024-53233 bsc#1235046).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- Update
patches.suse/usb-gadget-u_serial-Fix-the-issue-that-gs_start_io-c.patch
(git-fixes CVE-2024-56670 bsc#1235488).
- Update
patches.suse/usb-musb-Fix-hardware-lockup-on-first-Rx-endpoint-re.patch
(git-fixes CVE-2024-56687 bsc#1235537).
- Update
patches.suse/usb-typec-fix-potential-array-underflow-in-ucsi_ccg_.patch
(git-fixes CVE-2024-53203 bsc#1235001).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/wifi-ath10k-avoid-NULL-pointer-error-during-sdio-rem.patch
(stable-fixes CVE-2024-56599 bsc#1235138).
- Update
patches.suse/wifi-ath12k-Skip-Rx-TID-cleanup-for-self-peer.patch
(git-fixes CVE-2024-56543 bsc#1235065).
- Update
patches.suse/wifi-ath12k-fix-atomic-calls-in-ath12k_mac_op_set_bi.patch
(stable-fixes CVE-2024-56607 bsc#1235423).
- Update patches.suse/wifi-ath12k-fix-crash-when-unbinding.patch
(git-fixes CVE-2024-53188 bsc#1234948).
- Update
patches.suse/wifi-ath12k-fix-use-after-free-in-ath12k_dp_cc_clean.patch
(git-fixes CVE-2024-56541 bsc#1235064).
- Update patches.suse/wifi-ath12k-fix-warning-when-unbinding.patch
(git-fixes CVE-2024-53191 bsc#1234952).
- Update
patches.suse/wifi-ath9k-add-range-check-for-conn_rsp_epid-in-htc_.patch
(git-fixes CVE-2024-53156 bsc#1234846).
- Update
patches.suse/wifi-brcmfmac-Fix-oops-due-to-NULL-pointer-dereferen.patch
(stable-fixes CVE-2024-56593 bsc#1235252).
- Update
patches.suse/wifi-cw1200-Fix-potential-NULL-dereference.patch
(git-fixes CVE-2024-56536 bsc#1234911).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(git-fixes CVE-2024-56539 bsc#1234963).
- Update
patches.suse/wifi-nl80211-fix-NL80211_ATTR_MLO_LINK_ID-off-by-one.patch
(git-fixes CVE-2024-56663 bsc#1235454).
- Update
patches.suse/wifi-nl80211-fix-bounds-checker-error-in-nl80211_par.patch
(git-fixes CVE-2024-53189 bsc#1234949).
- Update
patches.suse/wifi-rtlwifi-Drastically-reduce-the-attempts-to-read.patch
(stable-fixes CVE-2024-53190 bsc#1234950).
- Update
patches.suse/wifi-rtw88-use-ieee80211_purge_tx_queue-to-purge-TX-.patch
(stable-fixes CVE-2024-56609 bsc#1235389).
- Update
patches.suse/wifi-rtw89-check-return-value-of-ieee80211_probereq_.patch
(stable-fixes CVE-2024-48873 bsc#1235716).
- Update
patches.suse/wifi-rtw89-coex-check-NULL-return-of-kmalloc-in-btc_.patch
(git-fixes CVE-2024-56535 bsc#1235044).
- Update
patches.suse/xfs-unlock-inodes-when-erroring-out-of-xfs_trans_alloc_dir.patch
(git-fixes CVE-2024-55641 bsc#1235740).
- commit b21bae3
-------------------------------------------------------------------
Mon Jan 13 13:48:02 CET 2025 - mfranc@suse.cz
- KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes
bsc#1235755).
- KVM: s390: Reject setting flic pfault attributes on ucontrol
VMs (git-fixes bsc#1235756).
- KVM: s390: vsie: fix virtual/physical address in unpin_scb()
(git-fixes bsc#1235757).
- commit 25f73de
-------------------------------------------------------------------
Mon Jan 13 11:54:55 CET 2025 - mfranc@suse.cz
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- commit 2199130
-------------------------------------------------------------------
Mon Jan 13 10:05:49 CET 2025 - tiwai@suse.de
- misc: microchip: pci1xxxx: Resolve return code mismatch during
GPIO set config (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO
IRQ handling (git-fixes).
- interconnect: icc-clk: check return values of devm_kasprintf()
(git-fixes).
- interconnect: qcom: icc-rpm: Set the count member before
accessing the flex array (git-fixes).
- iio: adc: ti-ads1119: fix sample size in scan struct for
triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices
(git-fixes).
- iio: adc: ad9467: Fix the "don't allow reading vref if not
available" case (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev
(git-fixes).
- iio: adc: ad7173: fix using shared static info struct
(git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep()
(git-fixes).
- iio: adc: ti-ads1119: fix information leak in triggered buffer
(git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer
(git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered
buffer (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer
(git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer
(git-fixes).
- iio: light: bh1745: fix information leak in triggered buffer
(git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer
(git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in
triggered buffer (git-fixes).
- iio: test: Fix GTS test config (git-fixes).
- iio: adc: ti-ads1298: Add NULL check in ads1298_init
(git-fixes).
- iio: adc: stm32-dfsdm: handle label as an optional property
(git-fixes).
- iio: adc: ad4695: fix buffered read, single sample timings
(git-fixes).
- iio: imu: inv_icm42600: fix timestamps after suspend if sensor
is on (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger
handler (git-fixes).
- iio: test : check null return of kunit_kmalloc in
iio_rescale_test_scale (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time
(git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- usb: typec: fix pm usage counter imbalance in
ucsi_ccg_sync_control() (git-fixes).
- usb: gadget: midi2: Reverse-select at the right place
(git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
(git-fixes).
- USB: core: Disable LPM only for non-suspended ports (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: typec: tcpci: fix NULL pointer issue on shared irq case
(git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null
to fix the crash caused by port being null (git-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in
.remove() and in the error path of .probe() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to
cdev (git-fixes).
- USB: usblp: return error when setting unsupported protocol
(git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints
(git-fixes).
- usb: typec: tcpm/tcpci_maxim: fix error code in
max_contaminant_read_resistance_kohm() (git-fixes).
- usb: host: xhci-plat: set skip_phy_initialization if software
node has XHCI_SKIP_PHY_INIT property (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- commit 708e579
-------------------------------------------------------------------
Mon Jan 13 08:49:06 CET 2025 - jslaby@suse.cz
- serial: stm32: use port lock wrappers for break control
(git-fixes).
- tty: serial: 8250: Fix another runtime PM usage counter
underflow (git-fixes).
- commit 2e58518
-------------------------------------------------------------------
Sun Jan 12 09:34:43 CET 2025 - tiwai@suse.de
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI
errors occur (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input()
(git-fixes).
- commit 5559cd4
-------------------------------------------------------------------
Sun Jan 12 03:41:39 CET 2025 - jlee@suse.com
- Refresh
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch.
- commit 1526952
-------------------------------------------------------------------
Sat Jan 11 09:41:15 CET 2025 - tiwai@suse.de
- thermal: of: fix OF node leak in of_thermal_zone_find()
(git-fixes).
- drm/mediatek: Add return value check when reading DPCD
(git-fixes).
- drm/mediatek: mtk_dsi: Add registers to pdata to fix
MT8186/MT8188 (git-fixes).
- drm/mediatek: Fix mode valid issue for dp (git-fixes).
- drm/mediatek: Fix YCbCr422 color format issue for DP
(git-fixes).
- drm/mediatek: stop selecting foreign drivers (git-fixes).
- drm/mediatek: Add support for 180-degree rotation in the
display driver (git-fixes).
- drm/mediatek: Only touch DISP_REG_OVL_PITCH_MSB if AFBC is
supported (git-fixes).
- drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
(git-fixes).
- drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
mtk_drm_bind returns err (git-fixes).
- Revert "drm/mediatek: dsi: Correct calculation formula of PHY
Timing" (git-fixes).
- drm/xe: Fix tlb invalidation when wedging (git-fixes).
- drm/amdgpu: Add a lock when accessing the buddy trim function
(git-fixes).
- drm/amdkfd: fixed page fault when enable MES shader debugger
(git-fixes).
- drm/amd/display: fix divide error in DM plane scale calcs
(git-fixes).
- drm/amd/display: fix page fault due to max surface definition
mismatch (git-fixes).
- drm/amd/display: Remove unnecessary amdgpu_irq_get/put
(git-fixes).
- platform/x86: intel/pmc: Fix ioremap() of bad address
(git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042
actually enabled it (git-fixes).
- gpio: loongson: Fix Loongson-2K2000 ACPI GPIO register offset
(git-fixes).
- gpio: virtuser: fix handling of multiple conn_ids in lookup
table (git-fixes).
- gpio: virtuser: fix missing lookup table cleanups (git-fixes).
- commit 993f2e5
-------------------------------------------------------------------
Sat Jan 11 07:52:08 CET 2025 - jlee@suse.com
- kgdb: Check early kernel lockdown flag before using kgdb
(bsc#1234646).
- commit 8566b22
-------------------------------------------------------------------
Sat Jan 11 07:51:19 CET 2025 - jlee@suse.com
- ACPI: Check early kernel lockdown flag before overlaying tables
(bsc#1234646).
- commit f711c7c
-------------------------------------------------------------------
Sat Jan 11 07:49:55 CET 2025 - jlee@suse.com
- efi: Set early kernel lock down flag if booted in secure boot
mode (bsc#1234646).
- commit 00a355d
-------------------------------------------------------------------
Sat Jan 11 07:48:01 CET 2025 - jlee@suse.com
- security: Add a kernel lockdown flag for early boot stage
(bsc#1234646).
Update config files.
CONFIG_LOCK_DOWN_KERNEL_EARLY
- commit d7ebed1
-------------------------------------------------------------------
Sat Jan 11 07:46:49 CET 2025 - jlee@suse.com
- Lock down x86_64 kernel in secure boot mode in subsys_initcall
stage (bsc#1234646).
- commit 206dec9
-------------------------------------------------------------------
Fri Jan 10 21:00:44 CET 2025 - lduncan@suse.com
@@ -18,6 +908,13 @@ Fri Jan 10 18:20:33 CET 2025 - rgoldwyn@suse.com
- Disable ceph (jsc#PED-7242)
- commit c5f8eec
-------------------------------------------------------------------
Fri Jan 10 16:45:40 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit fe21847
-------------------------------------------------------------------
Fri Jan 10 15:54:43 CET 2025 - mhocko@suse.com
@@ -57,6 +954,34 @@ Fri Jan 10 11:51:12 CET 2025 - vbabka@suse.cz
except on zfcpdump, disable CONFIG_SLAB_BUCKETS on zfcpdump.
- commit 23291c7
-------------------------------------------------------------------
Fri Jan 10 11:09:45 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
- commit 75d9cc5
-------------------------------------------------------------------
Fri Jan 10 11:07:03 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
- commit a397f81
-------------------------------------------------------------------
Fri Jan 10 11:06:19 CET 2025 - jlee@suse.com
- Refresh
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch.
- commit 6f37879
-------------------------------------------------------------------
Fri Jan 10 11:05:11 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit c848190
-------------------------------------------------------------------
Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
@@ -64,6 +989,22 @@ Fri Jan 10 11:01:00 CET 2025 - jlee@suse.com
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
- commit 5b00a1a
-------------------------------------------------------------------
Fri Jan 10 10:56:52 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
Update config files.
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
- commit 509a86d
-------------------------------------------------------------------
Fri Jan 10 10:54:16 CET 2025 - jlee@suse.com
- Reviewed
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
- commit 6ffabc3
-------------------------------------------------------------------
Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
@@ -71,6 +1012,13 @@ Fri Jan 10 10:53:14 CET 2025 - mhocko@suse.com
(CVE-2024-56631 bsc#1235480).
- commit 76de829
-------------------------------------------------------------------
Fri Jan 10 10:53:08 CET 2025 - jlee@suse.com
- Refresh
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch.
- commit 2157c81
-------------------------------------------------------------------
Fri Jan 10 10:50:02 CET 2025 - tiwai@suse.de

4
kernel-zfcpdump.spec
View File

@@ -19,7 +19,7 @@
%define srcversion 6.12
%define patchversion 6.12.0
%define git_commit f4110803f5745e96198dcbd8132e022e9048aaf6
%define git_commit ed291891ed2804d2dd249f8063da18005e59bab4
%define variant %{nil}
%define compress_modules zstd
%define compress_vmlinux xz
@@ -39,7 +39,7 @@
Name: kernel-zfcpdump
Version: 6.12.0
%if 0%{?is_kotd}
Release: <RELEASE>.gf411080
Release: <RELEASE>.ged29189
%else
Release: 0
%endif

BIN
patches.suse.tar.bz2 (Stored with Git LFS)
View File

Binary file not shown.

98
series.conf
View File

@@ -1667,7 +1667,6 @@
patches.suse/i2c-imx-add-imx7d-compatible-string-for-applying-err.patch
patches.suse/i2c-microchip-core-actually-use-repeated-sends.patch
patches.suse/i2c-microchip-core-fix-ghost-detections.patch
patches.suse/btrfs-fix-use-after-free-waiting-for-encoded-read-en.patch
patches.suse/PCI-MSI-Handle-lack-of-irqdomain-gracefully.patch
patches.suse/platform-x86-mlx-platform-call-pci_dev_put-to-balanc.patch
patches.suse/mmc-sdhci-msm-fix-crypto-key-eviction.patch
@@ -1721,6 +1720,7 @@
patches.suse/nvmet-Don-t-overflow-subsysnqn.patch
patches.suse/nvmet-loop-avoid-using-mutex-in-IO-hotpath.patch
patches.suse/workqueue-Do-not-warn-when-cancelling-WQ_MEM_RECLAIM-work-from-WQ_MEM_RECLAIM-worker.patch
patches.suse/modpost-fix-the-missed-iteration-for-the-max-bit-in-.patch
patches.suse/exfat-fix-the-infinite-loop-in-exfat_readdir.patch
patches.suse/exfat-fix-the-new-buffer-was-not-zeroed-before-writing.patch
patches.suse/exfat-fix-the-infinite-loop-in-__exfat_free_cluster.patch
@@ -1736,6 +1736,77 @@
patches.suse/Bluetooth-MGMT-Fix-Add-Device-to-responding-before-c.patch
patches.suse/Bluetooth-btnxpuart-Fix-driver-sending-truncated-dat.patch
patches.suse/Bluetooth-btmtk-Fix-failed-to-send-func-ctrl-for-Med.patch
patches.suse/gpio-virtuser-fix-missing-lookup-table-cleanups.patch
patches.suse/gpio-virtuser-fix-handling-of-multiple-conn_ids-in-l.patch
patches.suse/gpio-loongson-Fix-Loongson-2K2000-ACPI-GPIO-register.patch
patches.suse/platform-x86-amd-pmc-Only-disable-IRQ1-wakeup-where-.patch
patches.suse/platform-x86-intel-pmc-Fix-ioremap-of-bad-address.patch
patches.suse/drm-amd-display-Remove-unnecessary-amdgpu_irq_get-pu.patch
patches.suse/drm-amd-display-fix-page-fault-due-to-max-surface-de.patch
patches.suse/drm-amd-display-fix-divide-error-in-DM-plane-scale-c.patch
patches.suse/drm-amdkfd-fixed-page-fault-when-enable-MES-shader-d.patch
patches.suse/drm-amdgpu-Add-a-lock-when-accessing-the-buddy-trim-.patch
patches.suse/drm-xe-Fix-tlb-invalidation-when-wedging.patch
patches.suse/Revert-drm-mediatek-dsi-Correct-calculation-formula-.patch
patches.suse/drm-mediatek-Set-private-all_drm_private-i-drm-to-NU.patch
patches.suse/drm-mediatek-Move-mtk_crtc_finish_page_flip-to-ddp_c.patch
patches.suse/drm-mediatek-Only-touch-DISP_REG_OVL_PITCH_MSB-if-AF.patch
patches.suse/drm-mediatek-Add-support-for-180-degree-rotation-in-.patch
patches.suse/drm-mediatek-stop-selecting-foreign-drivers.patch
patches.suse/drm-mediatek-Fix-YCbCr422-color-format-issue-for-DP.patch
patches.suse/drm-mediatek-Fix-mode-valid-issue-for-dp.patch
patches.suse/drm-mediatek-mtk_dsi-Add-registers-to-pdata-to-fix-M.patch
patches.suse/drm-mediatek-Add-return-value-check-when-reading-DPC.patch
patches.suse/thermal-of-fix-OF-node-leak-in-of_thermal_zone_find.patch
patches.suse/hwmon-drivetemp-Fix-driver-producing-garbage-data-wh.patch
patches.suse/KVM-s390-vsie-fix-virtual-physical-address-in-unpin_scb.patch
patches.suse/KVM-s390-Reject-setting-flic-pfault-attributes-on-ucontrol-VMs.patch
patches.suse/KVM-s390-Reject-KVM_SET_GSI_ROUTING-on-ucontrol-VMs.patch
patches.suse/usb-dwc3-gadget-fix-writing-NYET-threshold.patch
patches.suse/usb-dwc3-am62-Disable-autosuspend-during-remove.patch
patches.suse/usb-host-xhci-plat-set-skip_phy_initialization-if-so.patch
patches.suse/usb-typec-tcpm-tcpci_maxim-fix-error-code-in-max_con.patch
patches.suse/usb-gadget-f_uac2-Fix-incorrect-setting-of-bNumEndpo.patch
patches.suse/USB-usblp-return-error-when-setting-unsupported-prot.patch
patches.suse/usb-gadget-configfs-Ignore-trailing-LF-for-user-stri.patch
patches.suse/usb-chipidea-ci_hdrc_imx-decrement-device-s-refcount.patch
patches.suse/usb-gadget-u_serial-Disable-ep-before-setting-port-t.patch
patches.suse/usb-typec-tcpci-fix-NULL-pointer-issue-on-shared-irq.patch
patches.suse/usb-fix-reference-leak-in-usb_new_device.patch
patches.suse/USB-core-Disable-LPM-only-for-non-suspended-ports.patch
patches.suse/usb-gadget-f_fs-Remove-WARN_ON-in-functionfs_bind.patch
patches.suse/usb-gadget-midi2-Reverse-select-at-the-right-place.patch
patches.suse/usb-typec-fix-pm-usage-counter-imbalance-in-ucsi_ccg.patch
patches.suse/tty-serial-8250-Fix-another-runtime-PM-usage-counter.patch
patches.suse/serial-stm32-use-port-lock-wrappers-for-break-contro.patch
patches.suse/staging-iio-ad9834-Correct-phase-range-check.patch
patches.suse/staging-iio-ad9832-Correct-phase-range-check.patch
patches.suse/iio-adc-ad7124-Disable-all-channels-at-probe-time.patch
patches.suse/iio-test-check-null-return-of-kunit_kmalloc-in-iio_r.patch
patches.suse/iio-gyro-fxas21002c-Fix-missing-data-update-in-trigg.patch
patches.suse/iio-imu-inv_icm42600-fix-timestamps-after-suspend-if.patch
patches.suse/iio-adc-ad4695-fix-buffered-read-single-sample-timin.patch
patches.suse/iio-adc-stm32-dfsdm-handle-label-as-an-optional-prop.patch
patches.suse/iio-adc-ti-ads1298-Add-NULL-check-in-ads1298_init.patch
patches.suse/iio-test-Fix-GTS-test-config.patch
patches.suse/iio-dummy-iio_simply_dummy_buffer-fix-information-le.patch
patches.suse/iio-adc-ti-ads8688-fix-information-leak-in-triggered.patch
patches.suse/iio-light-bh1745-fix-information-leak-in-triggered-b.patch
patches.suse/iio-light-vcnl4035-fix-information-leak-in-triggered.patch
patches.suse/iio-imu-kmx61-fix-information-leak-in-triggered-buff.patch
patches.suse/iio-adc-rockchip_saradc-fix-information-leak-in-trig.patch
patches.suse/iio-pressure-zpa2326-fix-information-leak-in-trigger.patch
patches.suse/iio-adc-ti-ads1119-fix-information-leak-in-triggered.patch
patches.suse/iio-adc-ti-ads124s08-Use-gpiod_set_value_cansleep.patch
patches.suse/iio-adc-ad7173-fix-using-shared-static-info-struct.patch
patches.suse/iio-adc-at91-call-input_free_device-on-allocated-iio.patch
patches.suse/iio-adc-ad9467-Fix-the-don-t-allow-reading-vref-if-n.patch
patches.suse/iio-inkern-call-iio_device_put-only-on-mapped-device.patch
patches.suse/iio-adc-ti-ads1119-fix-sample-size-in-scan-struct-fo.patch
patches.suse/interconnect-qcom-icc-rpm-Set-the-count-member-befor.patch
patches.suse/interconnect-icc-clk-check-return-values-of-devm_kas.patch
patches.suse/misc-microchip-pci1xxxx-Resolve-kernel-panic-during-.patch
patches.suse/misc-microchip-pci1xxxx-Resolve-return-code-mismatch.patch
# powerpc/linux next
patches.suse/powerpc-book3s64-hugetlb-Fix-disabling-hugetlb-when-fadump-is-active.patch
@@ -1942,19 +2013,28 @@
########################################################
# crypto
# hardening
patches.suse/mm-security-Move-hardened-usercopy-under-Kernel-hardening-options.patch
patches.suse/mm-security-Allow-default-HARDENED_USERCOPY-to-be-set-at-compile-time.patch
# Module signing / secure boot
patches.suse/KEYS-Make-use-of-platform-keyring-for-module-signatu.patch
# Lock down functions for secure boot
+jlee patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch
+clin patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
+jlee patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch
+jlee patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch
+jlee patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch
+clin patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
+clin patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
patches.suse/0001-security-lockdown-expose-a-hook-to-lock-the-kernel-down.patch
patches.suse/0002-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-boot-mode.patch
patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch
patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch
patches.suse/powerpc-lock-down-kernel-in-secure-boot-mode.patch
patches.suse/arm64-lock-down-kernel-in-secure-boot-mode.patch
patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch
patches.suse/0001-Lock-down-x86_64-kernel-in-secure-boot-mode-in-subsy.patch
patches.suse/0002-security-Add-a-kernel-lockdown-flag-for-early-boot-s.patch
patches.suse/0003-efi-Set-early-kernel-lock-down-flag-if-booted-in-sec.patch
patches.suse/0004-ACPI-Check-early-kernel-lockdown-flag-before-overlay.patch
patches.suse/0005-kgdb-Check-early-kernel-lockdown-flag-before-using-k.patch
# Bug 1023051 - CVE-2016-3695: kernel-source: Error injection via EINJ is allowed when securelevel is enabled
+jlee patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch
patches.suse/acpi-Disable-APEI-error-injection-if-the-kernel-is-lockeddown.patch
# Using the hash in MOKx to blacklist kernel module, FATE#316531
+jlee patches.suse/0004-MODSIGN-checking-the-blacklisted-hash-before-loading.patch

4
source-timestamp
View File

@@ -1,3 +1,3 @@
2025-01-13 08:54:04 +0000
GIT Revision: f4110803f5745e96198dcbd8132e022e9048aaf6
2025-01-14 15:27:32 +0000
GIT Revision: ed291891ed2804d2dd249f8063da18005e59bab4
GIT Branch: users/vkarasulli/SUSE-2025/for-next