SUSE-IU-2022:1067-1 SUSE Image security@suse.de SUSE Security Team SUSE Image SUSE-IU-2022:1067-1 Interim 1 1 2023-03-17T07:13:33Z current 2022-08-18T01:00:00Z 2022-08-18T01:00:00Z cve-database/bin/generate-cvrf-publiccloud.pl 2021-02-18T01:00:00Z Image update for SUSE-IU-2022:1067-1 / google/sles-15-sp4-chost-byos-v20220818-x86-64 This image update for google/sles-15-sp4-chost-byos-v20220818-x86-64 contains the following changes: Package bind was updated: - Update to release 9.16.31 This is the first of monthly updates of "/bind"/. It is planned to update bind when a new upstream maintennace release becomes available, which is usually towards the end of a month, see https://www.isc.org/blogs/2021-bind-release-model/ Compared to the previous SUSE release, in this release, 53 (minor) bugs were fixed 13 (minor) functional enhancements were made 3 security issues are now fixed upstream: CVE-2022-0396, CVE-2021-25220, CVE-2021-25219 plus a few minor changes. For a full list of changes, please refer to the CHANGES file in the source rpm. This update obsoletes the following patches: * bind-fix-build-with-older-sphinx.patch * bind-CVE-2021-25219.patch * bind-9.16.27-0001-CVE-2021-25220.patch * bind-9.16.27-0002-CVE-2022-0396.patch [bind-9.16.31.tar.xz, bind-9.16.31.tar.xz.sha512.asc, bind-9.16.20.tar.xz, bind-9.16.20.tar.xz.sha512.asc, bind-fix-build-with-older-sphinx.patch, bind-CVE-2021-25219.patch, bind-9.16.27-0001-CVE-2021-25220.patch, bind-9.16.27-0002-CVE-2022-0396.patch, jsc#SLE-24600] - When enabling query_logging by un-commenting an example in bind.conf, named attempts to create a file in /var/log which fails due to missing credentials. This also applies to the "/dump-file"/ and the "/statistics-file"/. This is solved by having systemd-tmpfiles create a subdirectory "//var/log/named"/ owned by named:named and changing the file paths accordingly: /var/log/named_querylog -> /var/log/named/querylog /var/log/named_dump.db -> /var/log/named/dump.db /var/log/named.stats -> /var/log/named/stats Also, in "/named.service"/, the ReadWritePath was changed to include "//var/log/named"/ rather than just "/var/log"/. [bsc#1200685, bind.spec, vendor-files/config/named.conf, vendor-files/system/named.service] - A non-existent initialization script (eg a leftorver "/createNamedConfInclude"/ in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] Package dracut was updated: - Update to version 055+suse.279.g3b3c36b2: * fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) * fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) * fix(convertfs): ignore commented lines in fstab (bsc#1200251) * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) - Update to version 055+suse.271.g70f710e4: * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) * fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) * fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) * fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) * fix(bluetooth): make hostonly configuration files optional (bsc#1195047) Package gpg2 was updated: - Security fix [CVE-2022-34903, bsc#1201225] - Vulnerable to status injection - Added patch gnupg-CVE-2022-34903.patch - gnupg-detect_FIPS_mode.patch: use AES as default cipher instead of 3DES if we are in FIPS mode. (bsc#1196125) Package hwinfo was updated: - merge gh#openSUSE/hwinfo#113- Keep NVMe's namespace output consistency when nvme_core.multipath=1 (bsc#1199948) - 21.82 Package kernel-default was updated: - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - commit 62d2eea - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (CVE-2022-2585 bsc#1202094). - commit 2decf97 - x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726 CVE-2022-26373). - commit e9f7bfc - x86/speculation: Add RSB VM Exit protections (bsc#1201726 CVE-2022-26373). - commit 87cc728 - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - commit f226af5 - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - commit 935d297 - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - commit 154606a - net/sched: cls_u32: fix netns refcount changes in u32_change() (CVE-2022-29581 bsc#1199665). - commit 6f81977 - blacklist.conf: This is a cleanup, not fixing any bug - commit 6f050ff - tee: fix put order in teedev_close_context() (git-fixes). - commit 1650ec3 - blacklist.conf: duplicate - commit 1c70642 - random: fix typo in comments (git-fixes). - commit 6de6114 - blacklist.conf: breaks kABI for a cleanup - commit 678666e - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - commit 0fb6e8a - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Refresh patches.suse/Bluetooth-btusb-Add-one-more-Bluetooth-part-for-WCN6.patch. - commit 91ad5ba - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - commit 4c3e250 - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - commit 11d19f6 - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - commit 91f9b43 - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - commit 0e13b0d - blacklist.conf: add commit 7acae6183cf3 I blacklisted the wrong commit: instead of adding 7acae6183cf3, I added the commit that introduced the bug fixed by it (which isn't present in SLE15-SP4). - commit 8ec5489 - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - commit 5dd0ec2 - net: bcmgenet: skip invalid partial checksums (git-fixes). - commit af8e915 - ice: Fix race condition during interface enslave (git-fixes). - commit 873e269 - net: bcmgenet: Don't claim WOL when its not available (git-fixes). - commit a981d90 - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - commit 4aa2b33 - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - commit b08b10f - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - commit 549b785 - ice: Fix error with handling of bonding MTU (git-fixes). - commit 03f6b8d - ice: stop disabling VFs due to PF error responses (git-fixes). - commit 13b5865 - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - commit 1b69809 - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - commit 8344b36 - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - commit 2faff78 - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - commit 7a76772 - Update kabi files: import symvers from MU 5.14.21-150400.24.11 - commit 5ac1ff2 - r8152: fix a WOL issue (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - Revert "/e1000e: Fix possible HW unit hang after an s0ix exit"/ (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - NFC: nxp-nci: don't print header length mismatch on i2c error (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - commit 4bd213d - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - commit 65713d7 - Move upstreamed be2net patch into sorted section - commit c55a187 - Drop doubly applied arm64 dts patch Delete patches.suse/arm64-dts-broadcom-bcm4908-Fix-timer-node-for-BCM4906-SoC.patch - commit efd9176 - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - commit eb2677a - net: ipa: add an interconnect dependency (git-fixes). - commit 94e475f - net: stmmac: fix return value of __setup handler (git-fixes). - commit 3c858ea - net: sxgbe: fix return value of __setup handler (git-fixes). - commit 723d359 - net: sparx5: Fix add vlan when invalid operation (git-fixes). - commit 1d88b17 - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - commit 74c8cc9 - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - commit 810f895 - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - commit 093ee20 - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - commit 13c2302 - Revert "/net: ethernet: bgmac: Use devm_platform_ioremap_resource_byname"/ (git-fixes). - commit 411126e - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - commit b952b7a - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - commit 7bd7001 - blacklist.conf: add ARCnet drivers - commit 1614d85 - Sort patches from bsc#1201323 - commit 4165437 - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch. - commit c3b4451 - lockdown: Fix kexec lockdown bypass with ima policy (CVE-2022-21505 bsc#1201458). - commit 5f6e1e5 - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - commit e2263d4 - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). Refresh: - patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch - patches.kabi/kABI-fix-adding-field-to-scsi_device.patch - patches.suse/scsi-core-sd-Add-silence_suspend-flag-to-suppress-some-PM-messages.patch - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - dm: don't stop request queue after the dm device is suspended (bsc#1201651). - commit 4dedd62 - kabi/severities: add intel ice - commit 77a60f8 - Delete patches.suse/xhci-turn-off-port-power-in-shutdown.patch (bsc#1201691) This patch leads to a failure to power off. https://bugzilla.kernel.org/show_bug.cgi?id=216243 - commit f2d59c9 - i2c: smbus: Check for parent device before dereference (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - commit c96154e - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - commit c4e0776 - net: dsa: lan9303: fix reset on probe (git-fixes). - commit 33805f1 - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - commit c168b96 - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - commit ceff3da - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - commit c46c86b - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - commit c2f5c50 - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - commit 1ebdd4d - net: dsa: lantiq_gswip: don't use devres for mdiobus (git-fixes). - commit 93f4a90 - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - commit 76cc859 - ethtool: Fix get module eeprom fallback (bsc#1201323). - commit f5666fa - nvme: wait until quiesce is done (bsc#1201651). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - commit d28bf38 - arm64: cpufeature: add HWCAP for FEAT_RPRES (git-fixes) Refresh patches.suse/0019-arm64-Use-the-clearbhb-instruction-in-mitigations.patch - commit cbc315a - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - commit b3a2425 - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - commit def3ab7 - net: dsa: felix: don't use devres for mdiobus (git-fixes). - commit a03978a - net: dsa: bcm_sf2: don't use devres for mdiobus (git-fixes). - commit 682abc6 - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - commit 6f8e329 - net: dsa: mv88e6xxx: don't use devres for mdiobus (git-fixes). - commit 61ee304 - gve: Recording rx queue before sending to napi (git-fixes). - commit 6edbff0 - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - commit 2479d47 - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - commit ea855e1 - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - commit 993d341 - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - commit 3b02b3e - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - commit d048544 - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - commit 741baff - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - commit 6f75240 - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - commit c68ab05 - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - commit 46a7cc8 - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - commit 904137a - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - commit fe79137 - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - commit cf06848 - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - commit 92bd067 - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - commit 7ae5bdc - tun: fix bonding active backup with arp monitoring (git-fixes). - commit cf865a3 - Update patch references for fbcon fixes (CVE-2021-33655 bsc#1201635) - commit eb3d075 - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - commit f21578a - blacklist.conf: Add memcg/rstat optimizations 11192d9c124d fd25a9e0e23b 5b3be698a872 - commit 932b7ef - blacklist.conf: Add 26d5badbccdd signal: Implement force_fatal_sig - commit 1fe0fd9 - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - commit e2af2db - kABI workaround for snd-soc-rt5682-* (git-fixes). - kabi/severities: ignore dropped symbol rt5682_headset_detect - commit 5e19e6d - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - commit 59356c4 - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - commit 3831453 - net: amd-xgbe: Fix skb data length underflow (git-fixes). - commit 50d3988 - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - commit b59b0a9 - blacklist: added commit e1a4541ec0b9 - commit 7d0447e - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - commit 6cefa9d - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - commit 8aa4851 - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - commit d65aa35 - net: sfp: ignore disabled SFP node (git-fixes). - commit 5b8ce08 - octeontx2-pf: Forward error codes to VF (git-fixes). - commit 562327e - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - commit b549cad - octeontx2-af: Do not fixup all VF action entries (git-fixes). - commit dd1aa95 - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - commit e3e3f07 - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - commit 1470b40 - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - commit f842d14 - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - commit 6cf1273 - net: mscc: ocelot: fix using match before it is set (git-fixes). - commit 78b3f03 - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - commit cfa26bb - net: axienet: increase default TX ring size to 128 (git-fixes). - commit d910ea1 - net: axienet: fix for TX busy handling (git-fixes). - commit 99e0d80 - net: axienet: fix number of TX ring slots for available check (git-fixes). - commit 0c7e435 - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim doesn't write the inode (bsc#1201592). - commit 938aae2 - net: axienet: Fix TX ring slot available check (git-fixes). - commit c151ff3 - net: axienet: limit minimum TX ring size (git-fixes). - commit 13afdcb - net: axienet: add missing memory barriers (git-fixes). - commit d466816 - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - commit 7c11a1f - net: axienet: increase reset timeout (git-fixes). - commit 5cd6041 - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - commit 8a29229 - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - commit 7d643fb - bcmgenet: add WOL IRQ check (git-fixes). - commit d56437b - net: ipa: prevent concurrent replenish (git-fixes). - commit 63abe4d - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - commit 4d71717 - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - commit f58c0c8 - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - commit 2af3cae - rocker: fix a sleeping in atomic bug (git-fixes). - commit 75f1355 - kABI workaround for phy_device changes (git-fixes). - commit 91e246e - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mm: don't try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - commit 4d0f0a6 - Update patch metadata and move to sorted section patches.suse/mm-page_alloc-Do-not-prefetch-buddies-during-bulk-free.patch. patches.suse/mm-page_alloc-Drain-the-requested-list-first-during-bulk-free.patch. patches.suse/mm-page_alloc-Fetch-the-correct-pcp-buddy-during-bulk-free.patch. patches.suse/mm-page_alloc-Free-pages-in-a-single-pass-during-bulk-free.patch. patches.suse/mm-page_alloc-Limit-number-of-high-order-pages-on-PCP-during-bulk-free.patch. patches.suse/mm-page_alloc-Simplify-how-many-pages-are-selected-per-pcp-list-during-bulk-free.patch. patches.suse/mm-page_alloc-Track-range-of-active-PCP-lists-during-bulk-free.patch. - commit 14b9fbe - usbnet: fix memory leak in error case (git-fixes). - commit 7372d17 - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - commit 9119799 - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - commit 0d8f996 - arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - commit 3250248 - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - commit d8e5343 - blacklist.conf: ffc95a46: CONFIG_SLAB not set in config - commit d12fa0c - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - commit 3919bf9 - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - commit 2f456a6 - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - Revert "/serial: sc16is7xx: Clear RS485 bits in the shutdown"/ (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - commit f48404b - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - net: phy: Don't trigger state machine while in suspend (git-fixes). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - commit 8948cad - kABI workaround for rtsx_usb (git-fixes). - commit ea7f901 - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ida: don't use BUG_ON() for debugging (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - commit 41d4678 - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - commit 5a5128b - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - commit d7feb0b - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - Revert "/can: xilinx_can: Limit CANFD brp to 2"/ (git-fixes). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - batman-adv: Use netif_rx() (git-fixes). - commit ee36772 - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - commit 46eda4a - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - commit e9387c5 - ASoC: rt5682: Fix deadlock on resume (git-fixes). - Refresh patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch. - commit b58000f - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - Refresh patches.suse/ASoC-rt5682-do-not-block-workqueue-if-card-is-unboun.patch. - commit e602e5e - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - commit 9f44c25 - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - commit 72aed94 - Move upstreamed netfilter and tty patches to sorted section - commit 9d5e117 - x86/bugs: Remove apostrophe typo (bsc#1190497). - commit 0e5e638 - Sort in RETbleed backport into the sorted section Now that it is upstream... - Refresh patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch. - Refresh patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch. - Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch. - Refresh patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch. - Refresh patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch. - Refresh patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch. - Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch. - Refresh patches.suse/objtool-Re-add-UNWIND_HINT_-SAVE_RESTORE.patch. - Refresh patches.suse/objtool-Treat-.text.__x86.-as-noinstr.patch. - Refresh patches.suse/objtool-Update-Retpoline-validation.patch. - Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch. - Refresh patches.suse/x86-Undo-return-thunk-damage.patch. - Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch. - Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch. - Refresh patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch. - Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch. - Refresh patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch. - Refresh patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch. - Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch. - Refresh patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch. - Refresh patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch. - Refresh patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch. - Refresh patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch. - Refresh patches.suse/x86-common-Stamp-out-the-stepping-madness.patch. - Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch. - Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch. - Refresh patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch. - Refresh patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch. - Refresh patches.suse/x86-ftrace-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch. - Refresh patches.suse/x86-kvm-vmx-Make-noinstr-clean.patch. - Refresh patches.suse/x86-objtool-Create-.return_sites.patch. - Refresh patches.suse/x86-retpoline-Cleanup-some-ifdefery.patch. - Refresh patches.suse/x86-retpoline-Swizzle-retpoline-thunk.patch. - Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch. - Refresh patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch. - Refresh patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch. - Refresh patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch. - Refresh patches.suse/x86-speculation-Fix-RSB-filling-with-CONFIG_RETPOLINE-n.patch. - Refresh patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch. - Refresh patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch. - Refresh patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch. - Refresh patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch. - Refresh patches.suse/x86-static_call-Use-alternative-RET-encoding.patch. - Refresh patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch. - Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch. - commit cc67fa3 - kABI: fix adding field to ufs_hba (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Don't call kcalloc() if size arg is zero (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - commit fb67102 - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - commit 9992992 - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - commit 3de312d - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - commit 1a42a36 - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - commit 82fef3c - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - commit 3585cf1 - kabi/severities: add stmmac network driver local symbols - commit 832dcf3 - ppp: ensure minimum packet size in ppp_write() (git-fixes). - commit 1871bcf - veth: Do not record rx queue hint in veth_xmit (git-fixes). - commit 4e81b53 - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - commit 89745b1 - net: stmmac: Add platform level debug register dump feature (git-fixes). - commit 1f1e295 - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - commit 1ea5bd4 - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - commit 21661cb - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - commit bdd4068 - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - commit 100c8d7 - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - commit c8a3960 - veth: ensure skb entering GRO are not cloned (git-fixes). - commit de7c3ec - net: ks8851: Check for error irq (git-fixes). - commit c6aa897 - drivers: net: smc911x: Check for error irq (git-fixes). - commit 76302d7 - fjes: Check for error irq (git-fixes). - commit 3518c05 - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - commit caea254 - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - commit ca205ab - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - commit d928a50 - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - commit c13727a - netdevsim: don't overwrite read only ethtool parms (git-fixes). - commit e49332e - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - commit 14806b1 - net: mvpp2: fix XDP rx queues registering (git-fixes). - commit 785d73e - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - commit e300fac - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - commit 1aeafc7 - qede: validate non LSO skb length (git-fixes). - commit a6a6f45 - net: altera: set a couple error code in probe() (git-fixes). - commit 4b6f9c2 - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - commit 57e402c - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - commit 823f883 - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - commit ab94872 - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - commit eb079a6 - natsemi: xtensa: fix section mismatch warnings (git-fixes). - commit dbb5264 - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - commit 1aeeaf7 - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - commit f25bb21 - Remove Half duplex mode speed capabilities (git-fixes). - commit 92878dd - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - commit de8c06a - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - commit a6567bd - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - commit 6d547bd - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - commit 4e89e84 - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - commit 6cf809d - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - commit f025bf7 - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - commit f8d4262 - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - commit e187f9a - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - commit f0be9d3 - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - commit 55e4b0b - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - commit 45eae59 - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - commit 3f5e1a3 - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - commit 58f5e5f - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - commit 47fa6c7 - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - commit d323c6e - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - commit 3dd00f6 - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - commit 3c0a341 - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - commit 6cd5dd2 - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - commit cd979cf - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - commit e64c29a - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - commit 755232f - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - commit 2c9f726 - blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL - commit 0702138 - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for "/i2c: smbus: Use device_*() functions instead of of_*()"/ - commit d0b5048 Package ldb was updated: - Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all changes for ldb-2.4.4. + CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). + CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); + CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493). - Update to version 2.4.3 + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); Package libxml2 was updated: - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build - Build python bindings in a 2nd run, using multibuild: otherwise, libxml2 requires pkgconfig(libxml-2.0) to build, causing issues to bootstrap. - Update to version 2.9.13: * Security fixes: + [CVE-2022-23308] Use-after-free of ID and IDREF attributes (boo#1196490); + Several memory leaks and another issues. * Many regressions fixes. * Numerous bug fixes, including, among many others: + xmllint's --maxmem option should work as expected now; + xmllint now returns an error if arguments are missing. * Numerous tests and code and fuzzing fixes and improvements. * Updated documentation. - The full Libxml2 2.9.13 NEWS can be found here: https://download.gnome.org/sources/libxml2/2.9/+ libxml2-2.9.13.news. - Replace version-release macros in all 3 Obsoletes tag with plain 2.9.13 to avoid unwanted behaviors in the future. - Remove dropped upstream AUTHORS file from list of files to be installed in the documentation location with 'cp' command. - Update http://xmlsoft.org URL tag to Libxml2's new web home: https://gitlab.gnome.org/GNOME/libxml2. - Update ftp://xmlsoft.org Source tag to Libxml2's new download host: https://download.gnome.org. - Drop deprecated Python-2-related macro definitions/conditional statement from spec file. - Drop merged upstream patches: libxml2-fix-lxml-corrupted-subtree-structures.patch; libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch. - Drop libxml2.keyring source file as the new download host doesn't offer GPG signatures. - Use ldconfig_scriptlets macro for post(un) handling. * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879), CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928) - Security fix: [bsc#1185698, CVE-2021-3537] decompression (boo#1088279 boo#1105166). (boo#1102046). Package libzypp was updated: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag. - version 17.30.2 (22) - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh. - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived. (bsc#1199042) - singletrans: no dry-run commit if doing just download-only. - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER (fixes #388) - version 17.30.1 (22) Package ncurses was updated: - Add patch ncurses-bnc1198627.patch * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read Package pcre2 was updated: - Added pcre2-bsc1199235-CVE-2022-1587.patch * CVE-2022-1587 / bsc#1199235 * Fix out-of-bounds read due to bug in recursions * Sourced from: - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 Package permissions was updated: * postfix: add postlog setgid for maildrop binary (bsc#1201385)- Update to version 20201225: * apptainer: fix starter-suid location (bsc#1198720) - Update to version 20201225: * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) - Update to version 20201225: Package samba was updated: - CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). - CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). - CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); - CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). - CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493). - Update to 4.15.8 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). Package tar was updated: - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch Package xen was updated: - Added --disable-pvshim when running configure in xen.spec. We have never shipped the shim and don't need to build it. - bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition in typeref acquisition 62a1e594-x86-clean-up-_get_page_type.patch 62a1e5b0-x86-ABAC-race-in-_get_page_type.patch - bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen: Insufficient care with non-coherent mappings 62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch 62a1e5f0-x86-dont-change-cacheability-of-directmap.patch 62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch 62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch 62a1e649-x86-track-and-flush-non-coherent.patch - bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166: xen: x86: MMIO Stale Data vulnerabilities (XSA-404) 62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch 62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch 62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch - bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900: xen: retbleed - arbitrary speculative code execution with return instructions (XSA-407) 62cc31ed-x86-honour-spec-ctrl-0-for-unpriv-mmio.patch 62cc31ee-cmdline-extend-parse_boolean.patch 62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch 62cd91d0-x86-spec-ctrl-rework-context-switching.patch 62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch 62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch 62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch 62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch 62cd91d5-x86-cpuid-BTC_NO-enum.patch 62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch 62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch - Upstream bug fixes (bsc#1027519) 62a99614-IOMMU-x86-gcc12.patch 62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch 62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch - Drop patches replaced by upstream versions xsa401-1.patch xsa401-2.patch xsa402-1.patch xsa402-2.patch xsa402-3.patch xsa402-4.patch xsa402-5.patch - bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) xsa408.patch - Fix gcc13 compilation error 62c56cc0-libxc-fix-compilation-error-with-gcc13.patch - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. Package yaml-cpp was updated: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171, yaml-cpp-abi-breakage.patch). Package zypper was updated: - Basic JobReport for "/cmdout/monitor"/.- versioncmp: if verbose, also print the edition 'parts' which are compared. - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally (fixes #433) - Honor the NO_COLOR environment variable when auto-detecting whether to use color (fixes #432) - Define table columns which should be sorted natural [case insensitive] (fixes #391, closes #396, fixes #424) - lr/ls: Use highlight color on name and alias as well. - version 1.14.53 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://publiccloudimagechangeinfo.suse.com/google/sles-15-sp4-chost-byos-v20220818-x86-64/ Public Cloud Image Info https://www.suse.com/support/security/rating/ SUSE Security Ratings Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 bind-utils-9.16.31-150400.5.6.1 dracut-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1 gpg2-2.2.27-150300.3.5.1 hwinfo-21.82-150400.3.3.1 kernel-default-5.14.21-150400.24.18.1 libldb2-2.4.3-150400.4.8.1 libncurses6-6.1-150000.5.12.1 libpcre2-8-0-10.39-150400.4.6.1 libxml2-2-2.9.14-150400.5.7.1 libyaml-cpp0_6-0.6.3-150400.4.3.1 libzypp-17.30.2-150400.3.3.1 ncurses-utils-6.1-150000.5.12.1 permissions-20201225-150400.5.8.1 python3-bind-9.16.31-150400.5.6.1 samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 tar-1.34-150000.3.18.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 xen-libs-4.16.1_06-150400.4.8.1 zypper-1.14.53-150400.3.3.1 bind-utils-9.16.31-150400.5.6.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 dracut-055+suse.279.g3b3c36b2-150400.3.5.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 gpg2-2.2.27-150300.3.5.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 hwinfo-21.82-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 kernel-default-5.14.21-150400.24.18.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 libldb2-2.4.3-150400.4.8.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 libncurses6-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 libpcre2-8-0-10.39-150400.4.6.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 libxml2-2-2.9.14-150400.5.7.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 libyaml-cpp0_6-0.6.3-150400.4.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 libzypp-17.30.2-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 ncurses-utils-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 permissions-20201225-150400.5.8.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 python3-bind-9.16.31-150400.5.6.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 tar-1.34-150000.3.18.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 terminfo-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 terminfo-base-6.1-150000.5.12.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 xen-libs-4.16.1_06-150400.4.8.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 zypper-1.14.53-150400.3.3.1 as a component of Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2019-20388 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libxml2-2-2.9.14-150400.5.7.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. CVE-2021-25219 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:bind-utils-9.16.31-150400.5.6.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:python3-bind-9.16.31-150400.5.6.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. CVE-2021-25220 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:bind-utils-9.16.31-150400.5.6.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:python3-bind-9.16.31-150400.5.6.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:P/A:N When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. CVE-2021-33655 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:kernel-default-5.14.21-150400.24.18.1 important There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. CVE-2021-3518 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libxml2-2-2.9.14-150400.5.7.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. CVE-2021-3537 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libxml2-2-2.9.14-150400.5.7.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. CVE-2021-3541 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libxml2-2-2.9.14-150400.5.7.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. CVE-2022-0396 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:bind-utils-9.16.31-150400.5.6.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:python3-bind-9.16.31-150400.5.6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. CVE-2022-1587 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libpcre2-8-0-10.39-150400.4.6.1 important 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. CVE-2022-2031 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libldb2-2.4.3-150400.4.8.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 important Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21123 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:xen-libs-4.16.1_06-150400.4.8.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-21505 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:kernel-default-5.14.21-150400.24.18.1 moderate valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libxml2-2-2.9.14-150400.5.7.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. CVE-2022-23816 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:xen-libs-4.16.1_06-150400.4.8.1 moderate ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-2585 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:kernel-default-5.14.21-150400.24.18.1 important x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. CVE-2022-26362 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:xen-libs-4.16.1_06-150400.4.8.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. CVE-2022-26363 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:xen-libs-4.16.1_06-150400.4.8.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2022-26373 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:kernel-default-5.14.21-150400.24.18.1 moderate ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. CVE-2022-29458 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libncurses6-6.1-150000.5.12.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:ncurses-utils-6.1-150000.5.12.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:terminfo-6.1-150000.5.12.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:terminfo-base-6.1-150000.5.12.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. CVE-2022-29581 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:kernel-default-5.14.21-150400.24.18.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. CVE-2022-29824 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libxml2-2-2.9.14-150400.5.7.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). CVE-2022-32742 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 important A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. CVE-2022-32744 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libldb2-2.4.3-150400.4.8.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 important A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. CVE-2022-32745 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:libldb2-2.4.3-150400.4.8.1 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 moderate A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. CVE-2022-32746 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 moderate insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. CVE-2022-33745 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:xen-libs-4.16.1_06-150400.4.8.1 important GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. CVE-2022-34903 Public Cloud Image google/sles-15-sp4-chost-byos-v20220818-x86-64:gpg2-2.2.27-150300.3.5.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N