SUSE-SU-2024:2802-1

Опубликовано: 07 авг. 2024

Источник: suse-cvrf

Описание

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600).
CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057).
CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463).
CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438).
CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779).
CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010).
CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731).
CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804).
CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807).
CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740).
CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422)
CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490)
CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589).
CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544).
CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866).
CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103.
CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434).
CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719).
CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723)
CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757).
CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789).
CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788).
CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803).
CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801).
CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926).
CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).

The following non-security bugs were fixed:

ACPI: EC: Abort address space access upon error (stable-fixes).
ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
ALSA: PCM: Allow resume only for suspended streams (stable-fixes).
ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
ALSA: emux: improve patch ioctl data validation (stable-fixes).
ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269).
ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269).
ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes).
ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes).
ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes).
ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
ALSA: seq: ump: Skip useless ports for static blocks (git-fixes).
ALSA: ump: Do not update FB name for static blocks (git-fixes).
ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes).
ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes).
ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes).
ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes).
ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes).
ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes).
ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes).
ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes).
ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes).
ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes).
ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269).
ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes).
ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes).
ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
ASoC: rt711-sdw: add missing readable registers (stable-fixes).
ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes).
ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes).
ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes).
ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
ASoC: topology: Do not assign fields that are already set (stable-fixes).
ASoC: topology: Fix references to freed memory (stable-fixes).
ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes).
Bluetooth: ISO: Check socket flag instead of hcon (git-fixes).
Bluetooth: Ignore too large handle values in BIG (git-fixes).
Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes).
Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes).
Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes).
Bluetooth: hci_bcm4377: Fix msgid release (git-fixes).
Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes).
Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes).
Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes).
Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes).
Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701).
HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes).
HID: wacom: Modify pen IDs (git-fixes).
Input: ads7846 - use spi_device_id table (stable-fixes).
Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes).
Input: qt1050 - handle CHIP_ID reading error (git-fixes).
Input: silead - Always support 10 fingers (stable-fixes).
Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes).
KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes).
KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes).
KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes).
KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes).
NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes).
NFSv4.1 enforce rootpath check in fs_location query (git-fixes).
NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362).
NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
PCI: Do not wait for disconnected devices when resuming (git-fixes).
PCI: Extend ACS configurability (bsc#1228090).
PCI: Fix resource double counting on remove & rescan (git-fixes).
PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes).
PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes).
PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes).
PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes).
PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes).
PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes).
PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes).
PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363).
RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
RDMA/restrack: Fix potential invalid address access (git-fixes)
Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes).
Revert 'gfs2: fix glock shrinker ref issues' (git-fixes).
Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes).
Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes).
Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149).
Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149).
Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149).
SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
USB: serial: mos7840: fix crash on resume (git-fixes).
USB: serial: option: add Fibocom FM350-GL (stable-fixes).
USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
USB: serial: option: add Telit generic core-dump composition (stable-fixes).
USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed.
Update config files for mt76 stuff (bsc#1227149)
Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149)
Update config files: update for the realtek wifi driver updates (bsc#1227149)
X.509: Fix the parser of extended key usage for length (bsc#1218820).
arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
arm64/io: add constant-argument check (bsc#1226502 git-fixes)
arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes)
arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes)
arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes)
arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes)
arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes)
arm64: dts: rockchip: Add sdmmc related properties on (git-fixes)
arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes)
arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes)
arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes)
arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes)
arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes)
arm64: dts: rockchip: Fix the value of dlg,jack-det-rate mismatch (git-fixes)
arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes)
arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes)
arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes).
auxdisplay: ht16k33: Drop reference after LED registration (git-fixes).
block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213).
bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes).
bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149).
bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes).
ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417).
char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172).
clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes).
clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes).
clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes).
clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes).
config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859)
cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes).
cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes).
crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768).
crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768).
crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes).
crypto: ecdh - explicitly zeroize private_key (stable-fixes).
crypto: ecdsa - Fix the public key format description (git-fixes).
crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes).
crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes).
decompress_bunzip2: fix rare decompression failure (git-fixes).
devres: Fix devm_krealloc() wasting memory (git-fixes).
devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
dlm: fix user space lock decision to copy lvb (git-fixes).
dma: fix call order in dmam_free_coherent (git-fixes).
dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes).
docs: crypto: async-tx-api: fix broken code example (git-fixes).
drivers/xen: Improve the late XenStore init protocol (git-fixes).
drivers: soc: xilinx: check return status of get_api_version() (git-fixes).
drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes).
drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes).
drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
drm/amd/display: Add refresh rate range check (stable-fixes).
drm/amd/display: Check index msg_id before read or write (stable-fixes).
drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes).
drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes).
drm/amd/display: Fix refresh rate range for some panel (stable-fixes).
drm/amd/display: Fix uninitialized variables in DM (stable-fixes).
drm/amd/display: Move 'struct scaler_data' off stack (git-fixes).
drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes).
drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes).
drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes).
drm/amd/display: Workaround register access in idle race with cursor (stable-fixes).
drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes).
drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
drm/amd/pm: remove logically dead code for renoir (git-fixes).
drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
drm/amdgpu: Fix memory range calculation (git-fixes).
drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
drm/amdgpu: Indicate CU havest info to CP (stable-fixes).
drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes).
drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
drm/amdgpu: fix locking scope when flushing tlb (stable-fixes).
drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes).
drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
drm/amdgpu: silence UBSAN warning (stable-fixes).
drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes).
drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes).
drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes).
drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes).
drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes).
drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
drm/exynos: dp: drop driver owner initialization (stable-fixes).
drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes).
drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes).
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes).
drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
drm/lima: fix shared irq handling on driver remove (stable-fixes).
drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes).
drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
drm/mediatek: Add missing plane settings when async update (git-fixes).
drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes).
drm/mediatek: Fix XRGB setting error in Mixer (git-fixes).
drm/mediatek: Fix XRGB setting error in OVL (git-fixes).
drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes).
drm/mediatek: Fix destination alpha error in OVL (git-fixes).
drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes).
drm/mediatek: Set DRM mode configs accordingly (git-fixes).
drm/mediatek: Support DRM plane alpha in Mixer (git-fixes).
drm/mediatek: Support DRM plane alpha in OVL (git-fixes).
drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes).
drm/mediatek: Turn off the layers with zero width or height (git-fixes).
drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes).
drm/meson: fix canvas release in bind function (git-fixes).
drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes).
drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
drm/msm/dpu: fix encoder irq wait skip (git-fixes).
drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes).
drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes).
drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes).
drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes).
drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
drm/qxl: Add check for drm_cvt_mode (git-fixes).
drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes).
drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes).
drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes).
drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).
drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes).
drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes).
eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes).
eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes).
exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).
f2fs: fix error path of __f2fs_build_free_nids (git-fixes).
filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
firmware: cs_dsp: Return error if block header overflows file (git-fixes).
firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
firmware: cs_dsp: Validate payload length before processing block (git-fixes).
firmware: dmi: Stop decoding on broken entry (stable-fixes).
firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
fs/file: fix the check in find_next_fd() (git-fixes).
fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
fuse: verify {g,u}id mount options correctly (bsc#1228193).
gfs2: Do not forget to complete delayed withdraw (git-fixes).
gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes).
gfs2: Fix invalid metadata access in punch_hole (git-fixes).
gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes).
gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes).
gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes).
gfs2: convert to ctime accessor functions (git-fixes).
gpio: mc33880: Convert comma to semicolon (git-fixes).
gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes).
hfsplus: fix to avoid false alarm of circular locking (git-fixes).
hfsplus: fix uninit-value in copy_name (git-fixes).
hpet: Support 32-bit userspace (git-fixes).
hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes).
hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes).
i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes).
i2c: mark HostNotify target address as used (git-fixes).
i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes).
i2c: rcar: bring hardware to known state when probing (git-fixes).
i2c: testunit: avoid re-issued work after read message (git-fixes).
i2c: testunit: correct Kconfig description (git-fixes).
i40e: fix: remove needless retries of NVM update (bsc#1227736).
iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes).
iio: frequency: adrf6780: rm clk provider include (git-fixes).
iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes).
iio: pressure: fix some word spelling errors (stable-fixes).
input: Add event code for accessibility key (stable-fixes).
input: Add support for 'Do Not Disturb' (stable-fixes).
interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes).
iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767).
iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767).
iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes).
iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes).
ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes).
iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149).
iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149).
iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149).
iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149).
jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
kABI workaround for wireless updates (bsc#1227149).
kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149)
kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored
kabi/severities: cover all mt76 modules (bsc#1227149)
kabi/severities: ignore amd pds internal symbols
kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers
kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes).
kconfig: gconf: give a proper initial state to the Save button (stable-fixes).
kconfig: remove wrong expr_trans_bool() (stable-fixes).
kernel-binary: vdso: Own module_dir
knfsd: LOOKUP can return an illegal error value (git-fixes).
kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
kprobe/ftrace: bail out if ftrace was killed (git-fixes).
kprobe/ftrace: fix build error due to bad function definition (git-fixes).
kunit: Fix checksum tests on big endian CPUs (git-fixed).
leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes).
leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes).
leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
leds: triggers: Flush pending brightness before activating trigger (git-fixes).
lib: objagg: Fix general protection fault (git-fixes).
lib: objagg: Fix spelling (git-fixes).
lib: test_objagg: Fix spelling (git-fixes).
libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192).
mISDN: Fix a use after free in hfcmulti_tx() (git-fixes).
mISDN: fix MISDN_TIME_STAMP handling (git-fixes).
mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes).
mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes).
media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
media: dvbdev: Initialize sbuf (stable-fixes).
media: dw2102: Do not translate i2c read into write (stable-fixes).
media: dw2102: fix a potential buffer overflow (git-fixes).
media: i2c: Fix imx412 exposure control (git-fixes).
media: imon: Fix race getting ictx->lock (git-fixes).
media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes).
media: imx-jpeg: Remove some redundant error logs (git-fixes).
media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes).
media: pci: ivtv: Add check for DMA map result (git-fixes).
media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes).
media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes).
media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes).
media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
media: uvcvideo: Override default flags (git-fixes).
media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes).
media: v4l: subdev: Fix typo in documentation (git-fixes).
media: venus: fix use after free in vdec_close (git-fixes).
media: venus: flush all buffers in output plane streamoff (git-fixes).
mei: demote client disconnect warning on suspend to debug (stable-fixes).
mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
mfd: pm8008: Fix regmap irq chip initialisation (git-fixes).
misc: fastrpc: Avoid updating PD type for capability request (git-fixes).
misc: fastrpc: Copy the complete capability structure to user (git-fixes).
misc: fastrpc: Fix DSP capabilities request (git-fixes).
misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes).
misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes).
misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes).
mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149).
mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149).
mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
net/dcb: check for detached device before executing callbacks (bsc#1215587).
net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149).
net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149).
net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149).
net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502)
net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes).
net: mana: Fix possible double free in error handling path (git-fixes).
net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes).
net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes).
net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes).
nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
nfs: Block on write congestion (bsc#1218442).
nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442).
nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442).
nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes).
nfs: Properly initialize server->writeback (bsc#1218442).
nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes).
nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
nfs: keep server info for remounts (git-fixes).
nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes).
nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
nilfs2: fix inode number range checks (stable-fixes).
ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes).
ocfs2: fix races between hole punching and AIO+DIO (git-fixes).
ocfs2: use coarse time for new created files (git-fixes).
orangefs: fix out-of-bounds fsid access (git-fixes).
pNFS/filelayout: fixup pNfs allocation modes (git-fixes).
phy: cadence-torrent: Check return value on register read (git-fixes).
pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes).
pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes).
pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes).
pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes).
pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes).
pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes).
pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes).
pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes).
pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes).
platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes).
platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes).
platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes).
platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes).
power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes).
powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770).
powerpc/prom: Add CPU info to hardware description string later (bsc#1215199).
powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
pwm: stm32: Always do lazy disabling (git-fixes).
regmap-i2c: Subtract reg size from max_write (stable-fixes).
remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes).
remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes).
remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes).
remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes).
rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
rtc: abx80x: Fix return value of nvmem callback on read (git-fixes).
rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
s390: Implement __iowrite32_copy() (bsc#1226502)
s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
selftests: fix OOM in msg_zerocopy selftest (git-fixes).
selftests: make order checking verbose in msg_zerocopy selftest (git-fixes).
serial: imx: Raise TX trigger level to 8 (stable-fixes).
smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172).
smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172).
smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172).
smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172).
smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172).
smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172).
soc: qcom: pdr: fix parsing of domains lists (git-fixes).
soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes).
soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes).
soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes).
soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes).
spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes).
spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes).
spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes).
spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes).
spi: microchip-core: fix the issues in the isr (git-fixes).
spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes).
spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes).
spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes).
sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644)
supported.conf: mark vdpa modules supported (jsc#PED-8954)
supported.conf: update for mt76 stuff (bsc#1227149)
thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes).
tools/memory-model: Fix bug in lock.cat (git-fixes).
tools/power turbostat: Remember global max_die_id (stable-fixes).
tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes).
tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
tracing: Build event generation tests only as modules (git-fixes).
usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes).
usb: dwc3: core: Workaround for CSR read timeout (stable-fixes).
usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes).
usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
usb: gadget: printer: SS+ support (stable-fixes).
usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
usb: typec: ucsi: Never send a lone connector change ack (stable-fixes).
usb: ucsi: stm32: fix command completion handling (git-fixes).
usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes).
vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes).
watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes).
watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes).
watchdog: rzn1: Convert comma to semicolon (git-fixes).
wifi: add HAS_IOPORT dependencies (bsc#1227149).
wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149).
wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149).
wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149).
wifi: ath10k: Drop checks that are always false (bsc#1227149).
wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149).
wifi: ath10k: Fix a few spelling errors (bsc#1227149).
wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149).
wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149).
wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149).
wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149).
wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149).
wifi: ath10k: Use list_count_nodes() (bsc#1227149).
wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149).
wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149).
wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149).
wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149).
wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149).
wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149).
wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149).
wifi: ath10k: improve structure padding (bsc#1227149).
wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149).
wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149).
wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149).
wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149).
wifi: ath10k: remove unused template structs (bsc#1227149).
wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149).
wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149).
wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149).
wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149).
wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149).
wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149).
wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149).
wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149).
wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149).
wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149).
wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149).
wifi: ath11k: Consolidate WMI peer flags (bsc#1227149).
wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149).
wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149).
wifi: ath11k: EMA beacon support (bsc#1227149).
wifi: ath11k: Fix a few spelling errors (bsc#1227149).
wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149).
wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149).
wifi: ath11k: MBSSID beacon support (bsc#1227149).
wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149).
wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149).
wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149).
wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149).
wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149).
wifi: ath11k: Remove cal_done check during probe (bsc#1227149).
wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149).
wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149).
wifi: ath11k: Remove struct ath11k::ops (bsc#1227149).
wifi: ath11k: Remove unneeded semicolon (bsc#1227149).
wifi: ath11k: Remove unused declarations (bsc#1227149).
wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149).
wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149).
wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149).
wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149).
wifi: ath11k: Use device_get_match_data() (bsc#1227149).
wifi: ath11k: Use list_count_nodes() (bsc#1227149).
wifi: ath11k: add WMI event debug messages (bsc#1227149).
wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149).
wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149).
wifi: ath11k: add firmware-2.bin support (bsc#1227149).
wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149).
wifi: ath11k: add parse of transmit power envelope element (bsc#1227149).
wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149).
wifi: ath11k: add support for QCA2066 (bsc#1227149).
wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149).
wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149).
wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149).
wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149).
wifi: ath11k: constify MHI channel and controller configs (bsc#1227149).
wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149).
wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149).
wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149).
wifi: ath11k: do not use %pK (bsc#1227149).
wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149).
wifi: ath11k: dp: cleanup debug message (bsc#1227149).
wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149).
wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149).
wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149).
wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149).
wifi: ath11k: factory test mode support (bsc#1227149).
wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149).
wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149).
wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149).
wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes).
wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149).
wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149).
wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149).
wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149).
wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149).
wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149).
wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes).
wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
wifi: ath11k: hal: cleanup debug message (bsc#1227149).
wifi: ath11k: htc: cleanup debug messages (bsc#1227149).
wifi: ath11k: initialize eirp_power before use (bsc#1227149).
wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149).
wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149).
wifi: ath11k: move pci.ops registration ahead (bsc#1227149).
wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149).
wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149).
wifi: ath11k: pci: cleanup debug logging (bsc#1227149).
wifi: ath11k: print debug level in debug messages (bsc#1227149).
wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149).
wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149).
wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149).
wifi: ath11k: refactor setting country code logic (stable-fixes).
wifi: ath11k: refactor vif parameter configurations (bsc#1227149).
wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149).
wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149).
wifi: ath11k: remove invalid peer create logic (bsc#1227149).
wifi: ath11k: remove manual mask names from debug messages (bsc#1227149).
wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149).
wifi: ath11k: remove unsupported event handlers (bsc#1227149).
wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149).
wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149).
wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149).
wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149).
wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149).
wifi: ath11k: rename the sc naming convention to ab (bsc#1227149).
wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149).
wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149).
wifi: ath11k: restore country code during resume (git-fixes).
wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149).
wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149).
wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149).
wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149).
wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149).
wifi: ath11k: support 2 station interfaces (bsc#1227149).
wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149).
wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149).
wifi: ath11k: update regulatory rules when interface added (bsc#1227149).
wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149).
wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149).
wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149).
wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149).
wifi: ath11k: wmi: add unified command debug messages (bsc#1227149).
wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149).
wifi: ath11k: wmi: use common error handling style (bsc#1227149).
wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149).
wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149).
wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149).
wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149).
wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149).
wifi: ath12k: Consolidate WMI peer flags (bsc#1227149).
wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes).
wifi: ath12k: Do not drop tx_status in failure case (git-fixes).
wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149).
wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149).
wifi: ath12k: Fix a few spelling errors (bsc#1227149).
wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes).
wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149).
wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149).
wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149).
wifi: ath12k: Make QMI message rules const (bsc#1227149).
wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149).
wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149).
wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149).
wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149).
wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149).
wifi: ath12k: Remove some dead code (bsc#1227149).
wifi: ath12k: Remove struct ath12k::ops (bsc#1227149).
wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149).
wifi: ath12k: Remove unused declarations (bsc#1227149).
wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149).
wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149).
wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149).
wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149).
wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149).
wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149).
wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149).
wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149).
wifi: ath12k: add EHT PHY modes (bsc#1227149).
wifi: ath12k: add MAC id support in WBM error path (bsc#1227149).
wifi: ath12k: add MLO header in peer association (bsc#1227149).
wifi: ath12k: add P2P IE in beacon template (bsc#1227149).
wifi: ath12k: add QMI PHY capability learn support (bsc#1227149).
wifi: ath12k: add WMI support for EHT peer (bsc#1227149).
wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149).
wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149).
wifi: ath12k: add firmware-2.bin support (bsc#1227149).
wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149).
wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149).
wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149).
wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149).
wifi: ath12k: add processing for TWT disable event (bsc#1227149).
wifi: ath12k: add processing for TWT enable event (bsc#1227149).
wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149).
wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149).
wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149).
wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149).
wifi: ath12k: add support for BA1024 (bsc#1227149).
wifi: ath12k: add support for collecting firmware log (bsc#1227149).
wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149).
wifi: ath12k: add support for peer meta data version (bsc#1227149).
wifi: ath12k: add support one MSI vector (bsc#1227149).
wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149).
wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149).
wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149).
wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149).
wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149).
wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149).
wifi: ath12k: avoid duplicated vdev stop (git-fixes).
wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149).
wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149).
wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149).
wifi: ath12k: avoid repeated hw access from ar (bsc#1227149).
wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149).
wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149).
wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes).
wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149).
wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149).
wifi: ath12k: change interface combination for P2P mode (bsc#1227149).
wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149).
wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149).
wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149).
wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149).
wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149).
wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149).
wifi: ath12k: configure puncturing bitmap (bsc#1227149).
wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149).
wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149).
wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149).
wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149).
wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149).
wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149).
wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149).
wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes).
wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149).
wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149).
wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149).
wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149).
wifi: ath12k: fix PCI read and write (bsc#1227149).
wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149).
wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149).
wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149).
wifi: ath12k: fix debug messages (bsc#1227149).
wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149).
wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149).
wifi: ath12k: fix firmware crash during reo reinject (git-fixes).
wifi: ath12k: fix invalid m3 buffer address (bsc#1227149).
wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes).
wifi: ath12k: fix kernel crash during resume (bsc#1227149).
wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149).
wifi: ath12k: fix peer metadata parsing (git-fixes).
wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149).
wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149).
wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149).
wifi: ath12k: fix the error handler of rfkill config (bsc#1227149).
wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149).
wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149).
wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes).
wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149).
wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149).
wifi: ath12k: implement handling of P2P NoA event (bsc#1227149).
wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149).
wifi: ath12k: increase vdev setup timeout (bsc#1227149).
wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149).
wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149).
wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149).
wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149).
wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149).
wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149).
wifi: ath12k: peer assoc for 320 MHz (bsc#1227149).
wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149).
wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149).
wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149).
wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149).
wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149).
wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149).
wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149).
wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149).
wifi: ath12k: refactor the rfkill worker (bsc#1227149).
wifi: ath12k: register EHT mesh capabilities (bsc#1227149).
wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149).
wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149).
wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149).
wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149).
wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149).
wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149).
wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149).
wifi: ath12k: rename the sc naming convention to ab (bsc#1227149).
wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149).
wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149).
wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149).
wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149).
wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149).
wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149).
wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149).
wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149).
wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149).
wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149).
wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149).
wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149).
wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149).
wifi: ath5k: Remove redundant dev_err() (bsc#1227149).
wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149).
wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149).
wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149).
wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149).
wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149).
wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149).
wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149).
wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149).
wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149).
wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149).
wifi: ath9k: Remove unused declarations (bsc#1227149).
wifi: ath9k: avoid using uninitialized array (bsc#1227149).
wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149).
wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149).
wifi: ath9k: delete some unused/duplicate macros (bsc#1227149).
wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149).
wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149).
wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149).
wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149).
wifi: ath9k: use u32 for txgain indexes (bsc#1227149).
wifi: ath9k: work around memset overflow warning (bsc#1227149).
wifi: ath9k_htc: fix format-truncation warning (bsc#1227149).
wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149).
wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149).
wifi: ath: remove unused-but-set parameter (bsc#1227149).
wifi: ath: work around false-positive stringop-overread warning (bsc#1227149).
wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149).
wifi: atmel: remove unused ioctl function (bsc#1227149).
wifi: b43: silence sparse warnings (bsc#1227149).
wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149).
wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149).
wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149).
wifi: brcmfmac: add linefeed at end of file (bsc#1227149).
wifi: brcmfmac: allow per-vendor event handling (bsc#1227149).
wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149).
wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149).
wifi: brcmfmac: export firmware interface functions (bsc#1227149).
wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149).
wifi: brcmfmac: fix format-truncation warnings (bsc#1227149).
wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149).
wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149).
wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149).
wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149).
wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149).
wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149).
wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149).
wifi: brcmsmac: remove more unused data types (bsc#1227149).
wifi: brcmsmac: remove unused data type (bsc#1227149).
wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149).
wifi: brcmsmac: silence sparse warnings (bsc#1227149).
wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149).
wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149).
wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149).
wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149).
wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149).
wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149).
wifi: cfg80211: Fix typo in documentation (bsc#1227149).
wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149).
wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149).
wifi: cfg80211: OWE DH IE handling offload (bsc#1227149).
wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149).
wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149).
wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149).
wifi: cfg80211: add BSS usage reporting (bsc#1227149).
wifi: cfg80211: add RNR with reporting AP information (bsc#1227149).
wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149).
wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149).
wifi: cfg80211: add locked debugfs wrappers (bsc#1227149).
wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149).
wifi: cfg80211: address several kerneldoc warnings (bsc#1227149).
wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149).
wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149).
wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149).
wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149).
wifi: cfg80211: check RTNL when iterating devices (bsc#1227149).
wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149).
wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149).
wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149).
wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149).
wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149).
wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149).
wifi: cfg80211: fix 6 GHz scan request building (stable-fixes).
wifi: cfg80211: fix CQM for non-range use (bsc#1227149).
wifi: cfg80211: fix header kernel-doc typos (bsc#1227149).
wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149).
wifi: cfg80211: fix spelling & punctutation (bsc#1227149).
wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149).
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149).
wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149).
wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149).
wifi: cfg80211: improve documentation for flag fields (bsc#1227149).
wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149).
wifi: cfg80211: make RX assoc data const (bsc#1227149).
wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149).
wifi: cfg80211: modify prototype for change_beacon (bsc#1227149).
wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149).
wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149).
wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149).
wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149).
wifi: cfg80211: remove scan_width support (bsc#1227149).
wifi: cfg80211: remove wdev mutex (bsc#1227149).
wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149).
wifi: cfg80211: report per-link errors during association (bsc#1227149).
wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149).
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149).
wifi: cfg80211: set correct param change count in ML element (bsc#1227149).
wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149).
wifi: cfg80211: sort certificates in build (bsc#1227149).
wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149).
wifi: cfg80211: validate HE operation element parsing (bsc#1227149).
wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149).
wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes).
wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149).
wifi: cw1200: Convert to GPIO descriptors (bsc#1227149).
wifi: cw1200: fix __le16 sparse warnings (bsc#1227149).
wifi: cw1200: restore endian swapping (bsc#1227149).
wifi: drivers: Explicitly include correct DT includes (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149).
wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149).
wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149).
wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149).
wifi: hostap: remove unused ioctl function (bsc#1227149).
wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149).
wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149).
wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes).
wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149).
wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149).
wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149).
wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149).
wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149).
wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149).
wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149).
wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149).
wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149).
wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149).
wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149).
wifi: iwlwifi: Use request_module_nowait (bsc#1227149).
wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149).
wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149).
wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149).
wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149).
wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149).
wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149).
wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149).
wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149).
wifi: iwlwifi: add support for new ini region types (bsc#1227149).
wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149).
wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149).
wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149).
wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149).
wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149).
wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149).
wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149).
wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149).
wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149).
wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149).
wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149).
wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149).
wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149).
wifi: iwlwifi: change link id in time event to s8 (bsc#1227149).
wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149).
wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149).
wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149).
wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149).
wifi: iwlwifi: clear link_id in time_event (bsc#1227149).
wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149).
wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149).
wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149).
wifi: iwlwifi: disable eSR when BT is active (bsc#1227149).
wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149).
wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149).
wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149).
wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149).
wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149).
wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149).
wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149).
wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149).
wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes).
wifi: iwlwifi: fix opmode start/stop race (bsc#1227149).
wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149).
wifi: iwlwifi: fix system commands group ordering (bsc#1227149).
wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149).
wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149).
wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149).
wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149).
wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149).
wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149).
wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149).
wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149).
wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149).
wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149).
wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149).
wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149).
wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149).
wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149).
wifi: iwlwifi: implement can_activate_links callback (bsc#1227149).
wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149).
wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149).
wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149).
wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149).
wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149).
wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149).
wifi: iwlwifi: make time_events MLO aware (bsc#1227149).
wifi: iwlwifi: mei: return error from register when not built (bsc#1227149).
wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149).
wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149).
wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149).
wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149).
wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149).
wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149).
wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149).
wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149).
wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149).
wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149).
wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes).
wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149).
wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149).
wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149).
wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149).
wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149).
wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149).
wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149).
wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149).
wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149).
wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149).
wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149).
wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149).
wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149).
wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149).
wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149).
wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149).
wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149).
wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149).
wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149).
wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149).
wifi: iwlwifi: mvm: check link more carefully (bsc#1227149).
wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149).
wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149).
wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149).
wifi: iwlwifi: mvm: consider having one active link (bsc#1227149).
wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149).
wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149).
wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149).
wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149).
wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149).
wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149).
wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149).
wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149).
wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149).
wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149).
wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149).
wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149).
wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149).
wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149).
wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149).
wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes).
wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149).
wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149).
wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149).
wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149).
wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149).
wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149).
wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes).
wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149).
wifi: iwlwifi: mvm: enable HE TX/RX <242 tone RU on new RFs (bsc#1227149).
wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149).
wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149).
wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149).
wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149).
wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149).
wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149).
wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149).
wifi: iwlwifi: mvm: fix link ID management (bsc#1227149).
wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149).
wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149).
wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149).
wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149).
wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149).
wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149).
wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149).
wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes).
wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149).
wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149).
wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149).
wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149).
wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149).
wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149).
wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149).
wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149).
wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149).
wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149).
wifi: iwlwifi: mvm: log dropped frames (bsc#1227149).
wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149).
wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149).
wifi: iwlwifi: mvm: make functions public (bsc#1227149).
wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149).
wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149).
wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149).
wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149).
wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149).
wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149).
wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149).
wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149).
wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149).
wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149).
wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149).
wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149).
wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149).
wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149).
wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149).
wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes).
wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149).
wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149).
wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149).
wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149).
wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149).
wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149).
wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149).
wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149).
wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149).
wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149).
wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149).
wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149).
wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149).
wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149).
wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149).
wifi: iwlwifi: no power save during transition to D3 (bsc#1227149).
wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149).
wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149).
wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149).
wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149).
wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149).
wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149).
wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149).
wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149).
wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149).
wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149).
wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149).
wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149).
wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149).
wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149).
wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149).
wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149).
wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149).
wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149).
wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149).
wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149).
wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149).
wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149).
wifi: iwlwifi: properly check if link is active (bsc#1227149).
wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes).
wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149).
wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149).
wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149).
wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149).
wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149).
wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149).
wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149).
wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149).
wifi: iwlwifi: read SPLC from UEFI (bsc#1227149).
wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149).
wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149).
wifi: iwlwifi: read mac step from aux register (bsc#1227149).
wifi: iwlwifi: refactor RX tracing (bsc#1227149).
wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149).
wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149).
wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149).
wifi: iwlwifi: remove async command callback (bsc#1227149).
wifi: iwlwifi: remove dead-code (bsc#1227149).
wifi: iwlwifi: remove extra kernel-doc (bsc#1227149).
wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149).
wifi: iwlwifi: remove retry loops in start (bsc#1227149).
wifi: iwlwifi: remove unused function prototype (bsc#1227149).
wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149).
wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149).
wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149).
wifi: iwlwifi: send EDT table to FW (bsc#1227149).
wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149).
wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149).
wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149).
wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149).
wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149).
wifi: iwlwifi: support link command version 2 (bsc#1227149).
wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149).
wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149).
wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149).
wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149).
wifi: iwlwifi: trace full frames with TX status request (bsc#1227149).
wifi: iwlwifi: update context info structure definitions (bsc#1227149).
wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149).
wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149).
wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149).
wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149).
wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149).
wifi: libertas: cleanup SDIO reset (bsc#1227149).
wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149).
wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149).
wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149).
wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149).
wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149).
wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes).
wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149).
wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149).
wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149).
wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149).
wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149).
wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149).
wifi: mac80211: Print local link address during authentication (bsc#1227149).
wifi: mac80211: Recalc offload when monitor stop (git-fixes).
wifi: mac80211: Remove unused function declarations (bsc#1227149).
wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149).
wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149).
wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149).
wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149).
wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149).
wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149).
wifi: mac80211: add a driver callback to check active_links (bsc#1227149).
wifi: mac80211: add a flag to disallow puncturing (bsc#1227149).
wifi: mac80211: add back SPDX identifier (bsc#1227149).
wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes).
wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149).
wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149).
wifi: mac80211: add more ops assertions (bsc#1227149).
wifi: mac80211: add more warnings about inserting sta info (bsc#1227149).
wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149).
wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149).
wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149).
wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149).
wifi: mac80211: additions to change_beacon() (bsc#1227149).
wifi: mac80211: address some kerneldoc warnings (bsc#1227149).
wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149).
wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149).
wifi: mac80211: apply mcast rate only if interface is up (stable-fixes).
wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes).
wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes).
wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149).
wifi: mac80211: check wiphy mutex in ops (bsc#1227149).
wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149).
wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149).
wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149).
wifi: mac80211: correctly set active links upon TTLM (bsc#1227149).
wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes).
wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149).
wifi: mac80211: describe return values in kernel-doc (bsc#1227149).
wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149).
wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149).
wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149).
wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149).
wifi: mac80211: drop robust action frames before assoc (bsc#1227149).
wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149).
wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149).
wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149).
wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149).
wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149).
wifi: mac80211: fix BA session teardown race (bsc#1227149).
wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149).
wifi: mac80211: fix SMPS status handling (bsc#1227149).
wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149).
wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149).
wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149).
wifi: mac80211: fix another key installation error path (bsc#1227149).
wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149).
wifi: mac80211: fix channel switch link data (bsc#1227149).
wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149).
wifi: mac80211: fix error path key leak (bsc#1227149).
wifi: mac80211: fix header kernel-doc typos (bsc#1227149).
wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149).
wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149).
wifi: mac80211: fix potential key leak (bsc#1227149).
wifi: mac80211: fix spelling typo in comment (bsc#1227149).
wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149).
wifi: mac80211: fix various kernel-doc issues (bsc#1227149).
wifi: mac80211: fixes in FILS discovery updates (bsc#1227149).
wifi: mac80211: flush STA queues on unauthorization (bsc#1227149).
wifi: mac80211: flush wiphy work where appropriate (bsc#1227149).
wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149).
wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149).
wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149).
wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149).
wifi: mac80211: initialize SMPS mode correctly (bsc#1227149).
wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149).
wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149).
wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149).
wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149).
wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149).
wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149).
wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149).
wifi: mac80211: move TDLS work to wiphy work (bsc#1227149).
wifi: mac80211: move color change finalize to wiphy work (bsc#1227149).
wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149).
wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149).
wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149).
wifi: mac80211: move link activation work to wiphy work (bsc#1227149).
wifi: mac80211: move monitor work to wiphy work (bsc#1227149).
wifi: mac80211: move tspec work to wiphy work (bsc#1227149).
wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149).
wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149).
wifi: mac80211: reduce iflist_mtx (bsc#1227149).
wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149).
wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149).
wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149).
wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149).
wifi: mac80211: remove chanctx_mtx (bsc#1227149).
wifi: mac80211: remove key_mtx (bsc#1227149).
wifi: mac80211: remove local->mtx (bsc#1227149).
wifi: mac80211: remove redundant ML element check (bsc#1227149).
wifi: mac80211: remove shifted rate support (bsc#1227149).
wifi: mac80211: remove sta_mtx (bsc#1227149).
wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149).
wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149).
wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149).
wifi: mac80211: report per-link error during association (bsc#1227149).
wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes).
wifi: mac80211: rework RX timestamp flags (bsc#1227149).
wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149).
wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149).
wifi: mac80211: set wiphy for virtual monitors (bsc#1227149).
wifi: mac80211: simplify non-chanctx drivers (bsc#1227149).
wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149).
wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149).
wifi: mac80211: support antenna control in injection (bsc#1227149).
wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149).
wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149).
wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149).
wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149).
wifi: mac80211: update beacon counters per link basis (bsc#1227149).
wifi: mac80211: update some locking documentation (bsc#1227149).
wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149).
wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149).
wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149).
wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149).
wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149).
wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149).
wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149).
wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149).
wifi: mt76: Convert to platform remove callback returning void (bsc#1227149).
wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149).
wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149).
wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149).
wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149).
wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149).
wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149).
wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149).
wifi: mt76: change txpower init to per-phy (bsc#1227149).
wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149).
wifi: mt76: check txs format before getting skb by pid (bsc#1227149).
wifi: mt76: check vif type before reporting cca and csa (bsc#1227149).
wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149).
wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149).
wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149).
wifi: mt76: connac: add connac3 mac library (bsc#1227149).
wifi: mt76: connac: add data field in struct tlv (bsc#1227149).
wifi: mt76: connac: add eht support for phy mode config (bsc#1227149).
wifi: mt76: connac: add eht support for tx power (bsc#1227149).
wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149).
wifi: mt76: connac: add more unified command IDs (bsc#1227149).
wifi: mt76: connac: add more unified event IDs (bsc#1227149).
wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149).
wifi: mt76: connac: add support for dsp firmware download (bsc#1227149).
wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149).
wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149).
wifi: mt76: connac: check for null before dereferencing (bsc#1227149).
wifi: mt76: connac: export functions for mt7925 (bsc#1227149).
wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149).
wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149).
wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149).
wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149).
wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149).
wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149).
wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149).
wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149).
wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149).
wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149).
wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149).
wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149).
wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149).
wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149).
wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149).
wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149).
wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149).
wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149).
wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149).
wifi: mt76: move rate info in mt76_vif (bsc#1227149).
wifi: mt76: move wed reset common code in mt76 module (bsc#1227149).
wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149).
wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149).
wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149).
wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149).
wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149).
wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149).
wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149).
wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149).
wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149).
wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149).
wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149).
wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149).
wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149).
wifi: mt76: mt7915 add tc offloading support (bsc#1227149).
wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149).
wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149).
wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149).
wifi: mt76: mt7915: add support for MT7981 (bsc#1227149).
wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149).
wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149).
wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149).
wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149).
wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149).
wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149).
wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149).
wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149).
wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149).
wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149).
wifi: mt76: mt7915: update mpdu density capability (bsc#1227149).
wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149).
wifi: mt76: mt7921: Support temp sensor (bsc#1227149).
wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149).
wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149).
wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149).
wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149).
wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149).
wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149).
wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149).
wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149).
wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149).
wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149).
wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149).
wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149).
wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149).
wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149).
wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149).
wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149).
wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149).
wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149).
wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149).
wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149).
wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149).
wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149).
wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149).
wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149).
wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149).
wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149).
wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149).
wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149).
wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149).
wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149).
wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149).
wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149).
wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149).
wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149).
wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149).
wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149).
wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149).
wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149).
wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149).
wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149).
wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149).
wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149).
wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149).
wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149).
wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149).
wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149).
wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149).
wifi: mt76: mt7925: fix fw download fail (bsc#1227149).
wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149).
wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149).
wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149).
wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149).
wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149).
wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149).
wifi: mt76: mt7925: support temperature sensor (bsc#1227149).
wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149).
wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149).
wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149).
wifi: mt76: mt792x: fix ethtool warning (bsc#1227149).
wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149).
wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149).
wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149).
wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149).
wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149).
wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149).
wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149).
wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149).
wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149).
wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149).
wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149).
wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149).
wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149).
wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149).
wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149).
wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149).
wifi: mt76: mt7996: add muru support (bsc#1227149).
wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes).
wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149).
wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149).
wifi: mt76: mt7996: add txpower setting support (bsc#1227149).
wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149).
wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149).
wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149).
wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149).
wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149).
wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149).
wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149).
wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149).
wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149).
wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149).
wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149).
wifi: mt76: mt7996: fix fortify warning (bsc#1227149).
wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149).
wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149).
wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149).
wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149).
wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149).
wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149).
wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149).
wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149).
wifi: mt76: mt7996: increase tx token size (bsc#1227149).
wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149).
wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149).
wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149).
wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149).
wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149).
wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149).
wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149).
wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149).
wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149).
wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149).
wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149).
wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149).
wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149).
wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149).
wifi: mt76: mt7996: support per-band LED control (bsc#1227149).
wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149).
wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149).
wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149).
wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149).
wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149).
wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149).
wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149).
wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149).
wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149).
wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149).
wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149).
wifi: mt76: use chainmask for power delta calculation (bsc#1227149).
wifi: mwifiex: Drop unused headers (bsc#1227149).
wifi: mwifiex: Fix interface type change (git-fixes).
wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149).
wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149).
wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149).
wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149).
wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149).
wifi: mwifiex: Use list_count_nodes() (bsc#1227149).
wifi: mwifiex: cleanup adapter data (bsc#1227149).
wifi: mwifiex: cleanup private data structures (bsc#1227149).
wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149).
wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149).
wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149).
wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149).
wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149).
wifi: mwifiex: handle possible sscanf() errors (bsc#1227149).
wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149).
wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149).
wifi: mwifiex: simplify PCIE write operations (bsc#1227149).
wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149).
wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149).
wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149).
wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149).
wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149).
wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149).
wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149).
wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149).
wifi: nl80211: fixes to FILS discovery updates (bsc#1227149).
wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149).
wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149).
wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149).
wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149).
wifi: plfxlc: Drop unused include (bsc#1227149).
wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149).
wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149).
wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149).
wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149).
wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149).
wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149).
wifi: rt2x00: Simplify bool conversion (bsc#1227149).
wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149).
wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149).
wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149).
wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149).
wifi: rt2x00: fix the typo in comments (bsc#1227149).
wifi: rt2x00: improve MT7620 register initialization (bsc#1227149).
wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149).
wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149).
wifi: rt2x00: make watchdog param per device (bsc#1227149).
wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149).
wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149).
wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149).
wifi: rt2x00: rework MT7620 channel config function (bsc#1227149).
wifi: rt2x00: silence sparse warnings (bsc#1227149).
wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149).
wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149).
wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes).
wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149).
wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149).
wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149).
wifi: rtl8xxxu: Add beacon functions (bsc#1227149).
wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149).
wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149).
wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149).
wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149).
wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149).
wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149).
wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149).
wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149).
wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149).
wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149).
wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149).
wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149).
wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149).
wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149).
wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149).
wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149).
wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149).
wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149).
wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149).
wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149).
wifi: rtl8xxxu: Rename some registers (bsc#1227149).
wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149).
wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149).
wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149).
wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149).
wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149).
wifi: rtl8xxxu: add macids for STA mode (bsc#1227149).
wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149).
wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149).
wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149).
wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149).
wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149).
wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149).
wifi: rtl8xxxu: enable channel switch support (bsc#1227149).
wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149).
wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149).
wifi: rtl8xxxu: fix error messages (bsc#1227149).
wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149).
wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149).
wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149).
wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149).
wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149).
wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149).
wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149).
wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149).
wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149).
wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149).
wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149).
wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149).
wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149).
wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149).
wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149).
wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149).
wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149).
wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149).
wifi: rtl8xxxu: update rate mask per sta (bsc#1227149).
wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149).
wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149).
wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149).
wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149).
wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149).
wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149).
wifi: rtlwifi: cleanup USB interface (bsc#1227149).
wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149).
wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149).
wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149).
wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149).
wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149).
wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149).
wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149).
wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149).
wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149).
wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149).
wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149).
wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149).
wifi: rtlwifi: remove unused timer and related code (bsc#1227149).
wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149).
wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149).
wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149).
wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149).
wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149).
wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149).
wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149).
wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149).
wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149).
wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149).
wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149).
wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149).
wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149).
wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149).
wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149).
wifi: rtlwifi: simplify LED management (bsc#1227149).
wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149).
wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149).
wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149).
wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149).
wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149).
wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149).
wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149).
wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149).
wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149).
wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149).
wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149).
wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149).
wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149).
wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149).
wifi: rtw88: Skip high queue in hci_flush (bsc#1227149).
wifi: rtw88: Stop high queue during scan (bsc#1227149).
wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149).
wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149).
wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149).
wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149).
wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149).
wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149).
wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149).
wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149).
wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149).
wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149).
wifi: rtw88: refine register based H2C command (bsc#1227149).
wifi: rtw88: regd: configure QATAR and UK (bsc#1227149).
wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149).
wifi: rtw88: remove unused USB bulkout size set (bsc#1227149).
wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149).
wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149).
wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149).
wifi: rtw88: simplify vif iterators (bsc#1227149).
wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149).
wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149).
wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149).
wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149).
wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149).
wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149).
wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149).
wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149).
wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149).
wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149).
wifi: rtw89: 8851b: add NCTL post table (bsc#1227149).
wifi: rtw89: 8851b: add RF configurations (bsc#1227149).
wifi: rtw89: 8851b: add TX power related functions (bsc#1227149).
wifi: rtw89: 8851b: add basic power on function (bsc#1227149).
wifi: rtw89: 8851b: add set channel function (bsc#1227149).
wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149).
wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149).
wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149).
wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149).
wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149).
wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149).
wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149).
wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149).
wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149).
wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149).
wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149).
wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149).
wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149).
wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149).
wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149).
wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149).
wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149).
wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149).
wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149).
wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149).
wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149).
wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149).
wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149).
wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149).
wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes).
wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149).
wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149).
wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149).
wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149).
wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149).
wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149).
wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149).
wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149).
wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149).
wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149).
wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149).
wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149).
wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149).
wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149).
wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149).
wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149).
wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149).
wifi: rtw89: 8922a: add TX power related ops (bsc#1227149).
wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149).
wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149).
wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149).
wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149).
wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149).
wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149).
wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149).
wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149).
wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149).
wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149).
wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149).
wifi: rtw89: 8922a: add power on/off functions (bsc#1227149).
wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149).
wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149).
wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149).
wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149).
wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149).
wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149).
wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149).
wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149).
wifi: rtw89: 8922a: extend and add quota number (bsc#1227149).
wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149).
wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149).
wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149).
wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149).
wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149).
wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149).
wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149).
wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149).
wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149).
wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149).
wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149).
wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149).
wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149).
wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149).
wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149).
wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149).
wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149).
wifi: rtw89: Set default CQM config if not present (bsc#1227149).
wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149).
wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149).
wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149).
wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149).
wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149).
wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149).
wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149).
wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149).
wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149).
wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149).
wifi: rtw89: add EVM for antenna diversity (bsc#1227149).
wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149).
wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149).
wifi: rtw89: add RSSI based antenna diversity (bsc#1227149).
wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149).
wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149).
wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149).
wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149).
wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149).
wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149).
wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149).
wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149).
wifi: rtw89: add firmware parser for v1 format (bsc#1227149).
wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149).
wifi: rtw89: add function prototype for coex request duration (bsc#1227149).
wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149).
wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149).
wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149).
wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149).
wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149).
wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149).
wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149).
wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149).
wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149).
wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149).
wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149).
wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149).
wifi: rtw89: add wait/completion for abort scan (bsc#1227149).
wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149).
wifi: rtw89: advertise missing extended scan feature (bsc#1227149).
wifi: rtw89: avoid stringop-overflow warning (bsc#1227149).
wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149).
wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149).
wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149).
wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149).
wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149).
wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149).
wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149).
wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149).
wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149).
wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149).
wifi: rtw89: cleanup firmware elements parsing (bsc#1227149).
wifi: rtw89: cleanup private data structures (bsc#1227149).
wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149).
wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149).
wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149).
wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149).
wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149).
wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149).
wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149).
wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149).
wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149).
wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149).
wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149).
wifi: rtw89: coex: Update BTG control related logic (bsc#1227149).
wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149).
wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149).
wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149).
wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149).
wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149).
wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149).
wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149).
wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149).
wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149).
wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149).
wifi: rtw89: configure PPDU max user by chip (bsc#1227149).
wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149).
wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149).
wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149).
wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149).
wifi: rtw89: debug: add FW log component for scan (bsc#1227149).
wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149).
wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149).
wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149).
wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149).
wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149).
wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149).
wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149).
wifi: rtw89: declare MCC in interface combination (bsc#1227149).
wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149).
wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149).
wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149).
wifi: rtw89: download firmware with five times retry (bsc#1227149).
wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149).
wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149).
wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149).
wifi: rtw89: fix HW scan not aborting properly (git-fixes).
wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149).
wifi: rtw89: fix a width vs precision bug (bsc#1227149).
wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149).
wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149).
wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149).
wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149).
wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149).
wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149).
wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149).
wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149).
wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149).
wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149).
wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149).
wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149).
wifi: rtw89: fw: consider checksum length of security data (bsc#1227149).
wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149).
wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149).
wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149).
wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149).
wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149).
wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149).
wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149).
wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149).
wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149).
wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149).
wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149).
wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149).
wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149).
wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149).
wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149).
wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149).
wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149).
wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149).
wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149).
wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149).
wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149).
wifi: rtw89: initialize multi-channel handling (bsc#1227149).
wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149).
wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149).
wifi: rtw89: introduce v1 format of firmware header (bsc#1227149).
wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149).
wifi: rtw89: load RFK log format string from firmware file (bsc#1227149).
wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149).
wifi: rtw89: load TX power related tables from FW elements (bsc#1227149).
wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149).
wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149).
wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149).
wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149).
wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149).
wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149).
wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149).
wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149).
wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149).
wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149).
wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149).
wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149).
wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149).
wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149).
wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149).
wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149).
wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149).
wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149).
wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149).
wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149).
wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149).
wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149).
wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149).
wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149).
wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149).
wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149).
wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149).
wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149).
wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149).
wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149).
wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149).
wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149).
wifi: rtw89: mcc: deal with BT slot change (bsc#1227149).
wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149).
wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149).
wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149).
wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149).
wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149).
wifi: rtw89: mcc: initialize start flow (bsc#1227149).
wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149).
wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149).
wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149).
wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149).
wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149).
wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149).
wifi: rtw89: packet offload wait for FW response (bsc#1227149).
wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149).
wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149).
wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149).
wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149).
wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149).
wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149).
wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149).
wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149).
wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149).
wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149).
wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149).
wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149).
wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149).
wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149).
wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149).
wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149).
wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149).
wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149).
wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149).
wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149).
wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149).
wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149).
wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149).
wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149).
wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149).
wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149).
wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149).
wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149).
wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149).
wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149).
wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149).
wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149).
wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149).
wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149).
wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149).
wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149).
wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149).
wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149).
wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149).
wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149).
wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149).
wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149).
wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149).
wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149).
wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149).
wifi: rtw89: recognize log format from firmware file (bsc#1227149).
wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149).
wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149).
wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149).
wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149).
wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149).
wifi: rtw89: refine element naming used by queue empty check (bsc#1227149).
wifi: rtw89: refine hardware scan C2H events (bsc#1227149).
wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149).
wifi: rtw89: refine packet offload handling under SER (bsc#1227149).
wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149).
wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149).
wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149).
wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149).
wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149).
wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149).
wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149).
wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149).
wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149).
wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149).
wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149).
wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149).
wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149).
wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149).
wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149).
wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149).
wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149).
wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149).
wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149).
wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149).
wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149).
wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149).
wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149).
wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149).
wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149).
wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149).
wifi: rtw89: set capability of TX antenna diversity (bsc#1227149).
wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149).
wifi: rtw89: show EHT rate in debugfs (bsc#1227149).
wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149).
wifi: rtw89: support firmware log with formatted text (bsc#1227149).
wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149).
wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149).
wifi: rtw89: update DMA function with different generation (bsc#1227149).
wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149).
wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149).
wifi: rtw89: update suspend/resume for different generation (bsc#1227149).
wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149).
wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149).
wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149).
wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149).
wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149).
wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149).
wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149).
wifi: rtw89: use struct to access RA report (bsc#1227149).
wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149).
wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149).
wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149).
wifi: rtw89: use struct to parse firmware header (bsc#1227149).
wifi: rtw89: use struct to set RA H2C command (bsc#1227149).
wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149).
wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149).
wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149).
wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149).
wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149).
wifi: rtw89: wow: update config mac function with different generation (bsc#1227149).
wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149).
wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes).
wifi: virt_wifi: do not use strlen() in const context (git-fixes).
wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149).
wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149).
wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149).
wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149).
wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149).
wifi: wfx: allow to send frames during ROC (bsc#1227149).
wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149).
wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149).
wifi: wfx: introduce hif_scan_uniq() (bsc#1227149).
wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149).
wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149).
wifi: wfx: scan_lock is global to the device (bsc#1227149).
wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149).
wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149).
wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149).
wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149).
wifi: wilc1000: Remove unused declarations (bsc#1227149).
wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149).
wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149).
wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149).
wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149).
wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149).
wifi: wilc1000: correct CRC7 calculation (bsc#1227149).
wifi: wilc1000: fix declarations ordering (bsc#1227149).
wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149).
wifi: wilc1000: fix ies_len type in connect path (git-fixes).
wifi: wilc1000: fix incorrect power down sequence (bsc#1227149).
wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149).
wifi: wilc1000: remove setting msg.spi (bsc#1227149).
wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149).
wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149).
wifi: wilc1000: simplify remain on channel support (bsc#1227149).
wifi: wilc1000: simplify wilc_scan() (bsc#1227149).
wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149).
wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149).
wifi: wilc1000: validate chip id during bus probe (bsc#1227149).
wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149).
wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149).
wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149).
wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149).
wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149).
wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149).
wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149).
wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149).
wifi: zd1211rw: silence sparse warnings (bsc#1227149).
wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149).
x86/amd_nb: Check for invalid SMN reads (git-fixes).
x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
x86/asm: Fix build of UML with KASAN (git-fixes).
x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes).
x86/boot: Ignore NMIs during very early boot (git-fixes).
x86/cpu: Provide default cache line size if not enumerated (git-fixes).
x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes).
x86/csum: Improve performance of csum_partial (git-fixes).
x86/csum: Remove unnecessary odd handling (git-fixes).
x86/csum: clean up `csum_partial' further (git-fixes).
x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
x86/head/64: Move the __head definition to <asm/init.h> (git-fixes).
x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes).
x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes).
x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes).
x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes).
x86/shstk: Make return uprobe work with shadow stack (git-fixes).
x86/speculation, objtool: Use absolute relocations for annotations (git-fixes).
x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
xen/x86: add extra pages to unpopulated-alloc if available (git-fixes).
xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211).
xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes).
xhci: always resume roothubs if xHC was reset during resume (stable-fixes).

Список пакетов

Container bci/bci-sle15-kernel-module-devel:latest

kernel-default-devel-6.4.0-150600.23.17.1

kernel-devel-6.4.0-150600.23.17.1

kernel-macros-6.4.0-150600.23.17.1

kernel-syms-6.4.0-150600.23.17.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-BYOS

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-BYOS-Azure

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-BYOS-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-BYOS-GCE

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-CHOST-BYOS

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-CHOST-BYOS-Aliyun

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-CHOST-BYOS-Azure

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-CHOST-BYOS-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-CHOST-BYOS-GCE

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-CHOST-BYOS-GDC

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-EC2-ECS-HVM

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-GCE

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-HPC-BYOS

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-HPC-BYOS-Azure

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-HPC-BYOS-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-HPC-BYOS-GCE

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-HPC-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-HPC-GCE

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-Hardened-BYOS

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-Hardened-BYOS-Azure

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-Hardened-BYOS-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-Hardened-BYOS-GCE

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Azure

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-BYOS

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-BYOS-Azure

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-BYOS-EC2

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-BYOS-GCE

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-GCE

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened-Azure

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened-BYOS

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened-EC2

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAP-Hardened-GCE

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAPCAL

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAPCAL-Azure

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAPCAL-EC2

kernel-default-6.4.0-150600.23.17.1

Image SLES15-SP6-SAPCAL-GCE

kernel-default-6.4.0-150600.23.17.1

SUSE Linux Enterprise High Availability Extension 15 SP6

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

SUSE Linux Enterprise Live Patching 15 SP6

kernel-default-livepatch-6.4.0-150600.23.17.1

kernel-default-livepatch-devel-6.4.0-150600.23.17.1

kernel-livepatch-6_4_0-150600_23_17-default-1-150600.13.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

kernel-64kb-6.4.0-150600.23.17.1

kernel-64kb-devel-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

kernel-default-base-6.4.0-150600.23.17.1.150600.12.6.2

kernel-default-devel-6.4.0-150600.23.17.1

kernel-devel-6.4.0-150600.23.17.1

kernel-macros-6.4.0-150600.23.17.1

kernel-zfcpdump-6.4.0-150600.23.17.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

kernel-docs-6.4.0-150600.23.17.3

kernel-obs-build-6.4.0-150600.23.17.1

kernel-source-6.4.0-150600.23.17.1

kernel-syms-6.4.0-150600.23.17.1

SUSE Linux Enterprise Module for Legacy 15 SP6

reiserfs-kmp-default-6.4.0-150600.23.17.1

SUSE Linux Enterprise Workstation Extension 15 SP6

kernel-default-extra-6.4.0-150600.23.17.1

openSUSE Leap 15.6

cluster-md-kmp-64kb-6.4.0-150600.23.17.1

cluster-md-kmp-default-6.4.0-150600.23.17.1

dlm-kmp-64kb-6.4.0-150600.23.17.1

dlm-kmp-default-6.4.0-150600.23.17.1

dtb-allwinner-6.4.0-150600.23.17.1

dtb-altera-6.4.0-150600.23.17.1

dtb-amazon-6.4.0-150600.23.17.1

dtb-amd-6.4.0-150600.23.17.1

dtb-amlogic-6.4.0-150600.23.17.1

dtb-apm-6.4.0-150600.23.17.1

dtb-apple-6.4.0-150600.23.17.1

dtb-arm-6.4.0-150600.23.17.1

dtb-broadcom-6.4.0-150600.23.17.1

dtb-cavium-6.4.0-150600.23.17.1

dtb-exynos-6.4.0-150600.23.17.1

dtb-freescale-6.4.0-150600.23.17.1

dtb-hisilicon-6.4.0-150600.23.17.1

dtb-lg-6.4.0-150600.23.17.1

dtb-marvell-6.4.0-150600.23.17.1

dtb-mediatek-6.4.0-150600.23.17.1

dtb-nvidia-6.4.0-150600.23.17.1

dtb-qcom-6.4.0-150600.23.17.1

dtb-renesas-6.4.0-150600.23.17.1

dtb-rockchip-6.4.0-150600.23.17.1

dtb-socionext-6.4.0-150600.23.17.1

dtb-sprd-6.4.0-150600.23.17.1

dtb-xilinx-6.4.0-150600.23.17.1

gfs2-kmp-64kb-6.4.0-150600.23.17.1

gfs2-kmp-default-6.4.0-150600.23.17.1

kernel-64kb-6.4.0-150600.23.17.1

kernel-64kb-devel-6.4.0-150600.23.17.1

kernel-64kb-extra-6.4.0-150600.23.17.1

kernel-64kb-livepatch-devel-6.4.0-150600.23.17.1

kernel-64kb-optional-6.4.0-150600.23.17.1

kernel-debug-6.4.0-150600.23.17.1

kernel-debug-devel-6.4.0-150600.23.17.1

kernel-debug-livepatch-devel-6.4.0-150600.23.17.1

kernel-debug-vdso-6.4.0-150600.23.17.1

kernel-default-6.4.0-150600.23.17.1

kernel-default-base-6.4.0-150600.23.17.1.150600.12.6.2

kernel-default-base-rebuild-6.4.0-150600.23.17.1.150600.12.6.2

kernel-default-devel-6.4.0-150600.23.17.1

kernel-default-extra-6.4.0-150600.23.17.1

kernel-default-livepatch-6.4.0-150600.23.17.1

kernel-default-livepatch-devel-6.4.0-150600.23.17.1

kernel-default-optional-6.4.0-150600.23.17.1

kernel-default-vdso-6.4.0-150600.23.17.1

kernel-devel-6.4.0-150600.23.17.1

kernel-docs-6.4.0-150600.23.17.3

kernel-docs-html-6.4.0-150600.23.17.3

kernel-kvmsmall-6.4.0-150600.23.17.1

kernel-kvmsmall-devel-6.4.0-150600.23.17.1

kernel-kvmsmall-livepatch-devel-6.4.0-150600.23.17.1

kernel-kvmsmall-vdso-6.4.0-150600.23.17.1

kernel-macros-6.4.0-150600.23.17.1

kernel-obs-build-6.4.0-150600.23.17.1

kernel-obs-qa-6.4.0-150600.23.17.1

kernel-source-6.4.0-150600.23.17.1

kernel-source-vanilla-6.4.0-150600.23.17.1

kernel-syms-6.4.0-150600.23.17.1

kernel-zfcpdump-6.4.0-150600.23.17.1

kselftests-kmp-64kb-6.4.0-150600.23.17.1

kselftests-kmp-default-6.4.0-150600.23.17.1

ocfs2-kmp-64kb-6.4.0-150600.23.17.1

ocfs2-kmp-default-6.4.0-150600.23.17.1

reiserfs-kmp-64kb-6.4.0-150600.23.17.1

reiserfs-kmp-default-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242802-1/
Link for SUSE-SU-2024:2802-1
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019133.html
E-Mail link for SUSE-SU-2024:2802-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194869
SUSE Bug 1194869
https://bugzilla.suse.com/1215199
SUSE Bug 1215199
https://bugzilla.suse.com/1215587
SUSE Bug 1215587
https://bugzilla.suse.com/1218442
SUSE Bug 1218442
https://bugzilla.suse.com/1218730
SUSE Bug 1218730
https://bugzilla.suse.com/1218820
SUSE Bug 1218820
https://bugzilla.suse.com/1219832
SUSE Bug 1219832
https://bugzilla.suse.com/1220138
SUSE Bug 1220138
https://bugzilla.suse.com/1220427
SUSE Bug 1220427
https://bugzilla.suse.com/1220430
SUSE Bug 1220430
https://bugzilla.suse.com/1220942
SUSE Bug 1220942
https://bugzilla.suse.com/1221057
SUSE Bug 1221057
https://bugzilla.suse.com/1221647
SUSE Bug 1221647
https://bugzilla.suse.com/1221654
SUSE Bug 1221654
https://bugzilla.suse.com/1221656
SUSE Bug 1221656
https://bugzilla.suse.com/1221659
SUSE Bug 1221659
https://bugzilla.suse.com/1222326
SUSE Bug 1222326

Описание

Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-38417.html
CVE-2023-38417
https://bugzilla.suse.com/1225600
SUSE Bug 1225600

Описание

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-47210.html
CVE-2023-47210
https://bugzilla.suse.com/1225601
SUSE Bug 1225601

Описание

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-51780.html
CVE-2023-51780
https://bugzilla.suse.com/1218730
SUSE Bug 1218730
https://bugzilla.suse.com/1218733
SUSE Bug 1218733
https://bugzilla.suse.com/1220191
SUSE Bug 1220191
https://bugzilla.suse.com/1221578
SUSE Bug 1221578
https://bugzilla.suse.com/1221598
SUSE Bug 1221598
https://bugzilla.suse.com/1224298
SUSE Bug 1224298
https://bugzilla.suse.com/1224878
SUSE Bug 1224878

Описание

In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment() can reach it quite easily : mss = mss * partial_segs; 65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to a bad final result. Make sure to limit segmentation so that the new mss value is smaller than GSO_BY_FRAGS. [1] general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0 R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046 FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109 ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120 skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53 __skb_gso_segment+0x339/0x710 net/core/gso.c:124 skb_gso_segment include/net/gso.h:83 [inline] validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626 __dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x257/0x380 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 __sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [inline] __se_sys_sendto net/socket.c:2198 [inline] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f8692032aa9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9 RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480 R13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R0 ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-52435.html
CVE-2023-52435
https://bugzilla.suse.com/1220138
SUSE Bug 1220138

Описание

In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-52472.html
CVE-2023-52472
https://bugzilla.suse.com/1220427
SUSE Bug 1220427
https://bugzilla.suse.com/1220430
SUSE Bug 1220430

Описание

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in smb2_query_info_compound() The following UAF was triggered when running fstests generic/072 with KASAN enabled against Windows Server 2022 and mount options 'multichannel,max_channels=2,vers=3.1.1,mfsymlinks,noperm' BUG: KASAN: slab-use-after-free in smb2_query_info_compound+0x423/0x6d0 [cifs] Read of size 8 at addr ffff888014941048 by task xfs_io/27534 CPU: 0 PID: 27534 Comm: xfs_io Not tainted 6.6.0-rc7 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 Call Trace: dump_stack_lvl+0x4a/0x80 print_report+0xcf/0x650 ? srso_alias_return_thunk+0x5/0x7f ? srso_alias_return_thunk+0x5/0x7f ? __phys_addr+0x46/0x90 kasan_report+0xda/0x110 ? smb2_query_info_compound+0x423/0x6d0 [cifs] ? smb2_query_info_compound+0x423/0x6d0 [cifs] smb2_query_info_compound+0x423/0x6d0 [cifs] ? __pfx_smb2_query_info_compound+0x10/0x10 [cifs] ? srso_alias_return_thunk+0x5/0x7f ? __stack_depot_save+0x39/0x480 ? kasan_save_stack+0x33/0x60 ? kasan_set_track+0x25/0x30 ? ____kasan_slab_free+0x126/0x170 smb2_queryfs+0xc2/0x2c0 [cifs] ? __pfx_smb2_queryfs+0x10/0x10 [cifs] ? __pfx___lock_acquire+0x10/0x10 smb311_queryfs+0x210/0x220 [cifs] ? __pfx_smb311_queryfs+0x10/0x10 [cifs] ? srso_alias_return_thunk+0x5/0x7f ? __lock_acquire+0x480/0x26c0 ? lock_release+0x1ed/0x640 ? srso_alias_return_thunk+0x5/0x7f ? do_raw_spin_unlock+0x9b/0x100 cifs_statfs+0x18c/0x4b0 [cifs] statfs_by_dentry+0x9b/0xf0 fd_statfs+0x4e/0xb0 __do_sys_fstatfs+0x7f/0xe0 ? __pfx___do_sys_fstatfs+0x10/0x10 ? srso_alias_return_thunk+0x5/0x7f ? lockdep_hardirqs_on_prepare+0x136/0x200 ? srso_alias_return_thunk+0x5/0x7f do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Allocated by task 27534: kasan_save_stack+0x33/0x60 kasan_set_track+0x25/0x30 __kasan_kmalloc+0x8f/0xa0 open_cached_dir+0x71b/0x1240 [cifs] smb2_query_info_compound+0x5c3/0x6d0 [cifs] smb2_queryfs+0xc2/0x2c0 [cifs] smb311_queryfs+0x210/0x220 [cifs] cifs_statfs+0x18c/0x4b0 [cifs] statfs_by_dentry+0x9b/0xf0 fd_statfs+0x4e/0xb0 __do_sys_fstatfs+0x7f/0xe0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Freed by task 27534: kasan_save_stack+0x33/0x60 kasan_set_track+0x25/0x30 kasan_save_free_info+0x2b/0x50 ____kasan_slab_free+0x126/0x170 slab_free_freelist_hook+0xd0/0x1e0 __kmem_cache_free+0x9d/0x1b0 open_cached_dir+0xff5/0x1240 [cifs] smb2_query_info_compound+0x5c3/0x6d0 [cifs] smb2_queryfs+0xc2/0x2c0 [cifs] This is a race between open_cached_dir() and cached_dir_lease_break() where the cache entry for the open directory handle receives a lease break while creating it. And before returning from open_cached_dir(), we put the last reference of the new @cfid because of !@cfid->has_lease. Besides the UAF, while running xfstests a lot of missed lease breaks have been noticed in tests that run several concurrent statfs(2) calls on those cached fids CIFS: VFS: \\w22-root1.gandalf.test No task to wake, unknown frame... CIFS: VFS: \\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1... CIFS: VFS: \\w22-root1.gandalf.test smb buf 00000000715bfe83 len 108 CIFS: VFS: Dump pending requests: CIFS: VFS: \\w22-root1.gandalf.test No task to wake, unknown frame... CIFS: VFS: \\w22-root1.gandalf.test Cmd: 18 Err: 0x0 Flags: 0x1... CIFS: VFS: \\w22-root1.gandalf.test smb buf 000000005aa7316e len 108 ... To fix both, in open_cached_dir() ensure that @cfid->has_lease is set right before sending out compounded request so that any potential lease break will be get processed by demultiplex thread while we're still caching @cfid. And, if open failed for some reason, re-check @cfid->has_lease to decide whether or not put lease reference.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-52751.html
CVE-2023-52751
https://bugzilla.suse.com/1225489
SUSE Bug 1225489

Описание

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol error, got "\xe2" as reply type byte" Finally, we found that the retrieved error data was as follows: 0xE2 0xD4 0xC3 0xD9 0x04 0x00 0x2C 0x20 0xA6 0x56 0x00 0x16 0x3E 0x0C 0xCB 0x04 0x02 0x01 0x00 0x00 0x20 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xE2 It is quite obvious that this is a SMC DECLINE message, which means that the applications received SMC protocol message. We found that this was caused by the following situations: client server | clc proposal -------------> | clc accept <------------- | clc confirm -------------> wait llc confirm send llc confirm |failed llc confirm | x------ (after 2s)timeout wait llc confirm rsp wait decline (after 1s) timeout (after 2s) timeout | decline --------------> | decline <-------------- As a result, a decline message was sent in the implementation, and this message was read from TCP by the already-fallback connection. This patch double the client timeout as 2x of the server value, With this simple change, the Decline messages should never cross or collide (during Confirm link timeout). This issue requires an immediate solution, since the protocol updates involve a more long-term solution.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-52775.html
CVE-2023-52775
https://bugzilla.suse.com/1225088
SUSE Bug 1225088

Описание

printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-25741.html
CVE-2024-25741
https://bugzilla.suse.com/1219832
SUSE Bug 1219832

Описание

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL> - continuously dump SMC-D connections in parallel: watch -n 1 'smcss -D' BUG: kernel NULL pointer dereference, address: 0000000000000030 CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E 6.7.0+ #55 RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] Call Trace: <TASK> ? __die+0x24/0x70 ? page_fault_oops+0x66/0x150 ? exc_page_fault+0x69/0x140 ? asm_exc_page_fault+0x26/0x30 ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] ? __kmalloc_node_track_caller+0x35d/0x430 ? __alloc_skb+0x77/0x170 smc_diag_dump_proto+0xd0/0xf0 [smc_diag] smc_diag_dump+0x26/0x60 [smc_diag] netlink_dump+0x19f/0x320 __netlink_dump_start+0x1dc/0x300 smc_diag_handler_dump+0x6a/0x80 [smc_diag] ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag] sock_diag_rcv_msg+0x121/0x140 ? __pfx_sock_diag_rcv_msg+0x10/0x10 netlink_rcv_skb+0x5a/0x110 sock_diag_rcv+0x28/0x40 netlink_unicast+0x22a/0x330 netlink_sendmsg+0x1f8/0x420 __sock_sendmsg+0xb0/0xc0 ____sys_sendmsg+0x24e/0x300 ? copy_msghdr_from_user+0x62/0x80 ___sys_sendmsg+0x7c/0xd0 ? __do_fault+0x34/0x160 ? do_read_fault+0x5f/0x100 ? do_fault+0xb0/0x110 ? __handle_mm_fault+0x2b0/0x6c0 __sys_sendmsg+0x4d/0x80 do_syscall_64+0x69/0x180 entry_SYSCALL_64_after_hwframe+0x6e/0x76 It is possible that the connection is in process of being established when we dump it. Assumed that the connection has been registered in a link group by smc_conn_create() but the rmb_desc has not yet been initialized by smc_buf_create(), thus causing the illegal access to conn->rmb_desc. So fix it by checking before dump.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26615.html
CVE-2024-26615
https://bugzilla.suse.com/1220942
SUSE Bug 1220942

Описание

In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e. pdsc_work_thread()->pdsc_process_adminq() [2] pdsc_adminq_post() When the device goes through reset via PCIe reset and/or a fw_down/fw_up cycle due to bad PCIe state or bad device state the adminq is destroyed and recreated. A NULL pointer dereference can happen if [1] or [2] happens after the adminq is already destroyed. In order to fix this, add some further state checks and implement reference counting for adminq uses. Reference counting was used because multiple threads can attempt to access the adminq at the same time via [1] or [2]. Additionally, multiple clients (i.e. pds-vfio-pci) can be using [2] at the same time. The adminq_refcnt is initialized to 1 when the adminq has been allocated and is ready to use. Users/clients of the adminq (i.e. [1] and [2]) will increment the refcnt when they are using the adminq. When the driver goes into a fw_down cycle it will set the PDSC_S_FW_DEAD bit and then wait for the adminq_refcnt to hit 1. Setting the PDSC_S_FW_DEAD before waiting will prevent any further adminq_refcnt increments. Waiting for the adminq_refcnt to hit 1 allows for any current users of the adminq to finish before the driver frees the adminq. Once the adminq_refcnt hits 1 the driver clears the refcnt to signify that the adminq is deleted and cannot be used. On the fw_up cycle the driver will once again initialize the adminq_refcnt to 1 allowing the adminq to be used again.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26623.html
CVE-2024-26623
https://bugzilla.suse.com/1221057
SUSE Bug 1221057

Описание

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc_node_track_caller+0x118/0x3c0 mm/slab_common.c:1027 kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582 pskb_expand_head+0x226/0x1a00 net/core/skbuff.c:2098 __pskb_pull_tail+0x13b/0x2310 net/core/skbuff.c:2655 pskb_may_pull_reason include/linux/skbuff.h:2673 [inline] pskb_may_pull include/linux/skbuff.h:2681 [inline] ip6_tnl_parse_tlv_enc_lim+0x901/0xbb0 net/ipv6/ip6_tunnel.c:408 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/ipv6/ip6_tunnel.c:1432 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x569/0x660 net/core/neighbour.c:1592 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x23a9/0x2b30 net/ipv6/ip6_output.c:137 ip6_finish_output+0x855/0x12b0 net/ipv6/ip6_output.c:222 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x323/0x610 net/ipv6/ip6_output.c:243 dst_output include/net/dst.h:451 [inline] ip6_local_out+0xe9/0x140 net/ipv6/output_core.c:155 ip6_send_skb net/ipv6/ip6_output.c:1952 [inline] ip6_push_pending_frames+0x1f9/0x560 net/ipv6/ip6_output.c:1972 rawv6_push_pending_frames+0xbe8/0xdf0 net/ipv6/raw.c:582 rawv6_sendmsg+0x2b66/0x2e70 net/ipv6/raw.c:920 inet_sendmsg+0x105/0x190 net/ipv4/af_inet.c:847 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendms ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26633.html
CVE-2024-26633
https://bugzilla.suse.com/1221647
SUSE Bug 1221647

Описание

In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16) llc_conn_handler() initialises local variables {saddr,daddr}.mac based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes them to __llc_lookup(). However, the initialisation is done only when skb->protocol is htons(ETH_P_802_2), otherwise, __llc_lookup_established() and __llc_lookup_listener() will read garbage. The missing initialisation existed prior to commit 211ed865108e ("net: delete all instances of special processing for token ring"). It removed the part to kick out the token ring stuff but forgot to close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv(). Let's remove llc_tr_packet_type and complete the deprecation. [0]: BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90 __llc_lookup_established+0xe9d/0xf90 __llc_lookup net/llc/llc_conn.c:611 [inline] llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206 __netif_receive_skb_one_core net/core/dev.c:5527 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641 netif_receive_skb_internal net/core/dev.c:5727 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5786 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x1490 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b Local variable daddr created at: llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206 CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26635.html
CVE-2024-26635
https://bugzilla.suse.com/1221656
SUSE Bug 1221656

Описание

In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others, llc_ui_sendmsg() releases the socket lock before calling sock_alloc_send_skb(). Then it acquires it again, but does not redo all the sanity checks that were performed. This fix: - Uses LL_RESERVED_SPACE() to reserve space. - Check all conditions again after socket lock is held again. - Do not account Ethernet header for mtu limitation. [1] skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0 kernel BUG at net/core/skbuff.c:193 ! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_panic net/core/skbuff.c:189 [inline] pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 lr : skb_panic net/core/skbuff.c:189 [inline] lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 sp : ffff800096f97000 x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000 x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2 x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0 x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001 x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400 x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714 x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089 Call trace: skb_panic net/core/skbuff.c:189 [inline] skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 skb_push+0xf0/0x108 net/core/skbuff.c:2451 eth_header+0x44/0x1f8 net/ethernet/eth.c:83 dev_hard_header include/linux/netdevice.h:3188 [inline] llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33 llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline] llc_sap_next_state net/llc/llc_sap.c:182 [inline] llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209 llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270 llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x194/0x274 net/socket.c:767 splice_to_socket+0x7cc/0xd58 fs/splice.c:881 do_splice_from fs/splice.c:933 [inline] direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142 splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088 do_splice_direct+0x20c/0x348 fs/splice.c:1194 do_sendfile+0x4bc/0xc70 fs/read_write.c:1254 __do_sys_sendfile64 fs/read_write.c:1322 [inline] __se_sys_sendfile64 fs/read_write.c:1308 [inline] __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595 Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26636.html
CVE-2024-26636
https://bugzilla.suse.com/1221659
SUSE Bug 1221659

Описание

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26641.html
CVE-2024-26641
https://bugzilla.suse.com/1221654
SUSE Bug 1221654

Описание

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] ... RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Call Trace: <TASK> tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646 tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089 genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972 genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline] genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b The cause of this issue is that when tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called even if the bearer is not UDP. tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that the media_ptr field of the tipc_bearer has an udp_bearer type object, so the function goes crazy for non-UDP bearers. This patch fixes the issue by checking the bearer type before calling tipc_udp_nl_bearer_add() in tipc_nl_bearer_add().

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26663.html
CVE-2024-26663
https://bugzilla.suse.com/1222326
SUSE Bug 1222326

Описание

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 ... kasan_report+0xd8/0x110 do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmit_one+0x14c2/0x4080 vxlan_xmit+0xf61/0x5c00 dev_hard_start_xmit+0xfb/0x510 __dev_queue_xmit+0x7cd/0x32a0 br_dev_queue_push_xmit+0x39d/0x6a0 Use skb_checksum instead of csum_partial who cannot deal with non-linear SKBs.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26665.html
CVE-2024-26665
https://bugzilla.suse.com/1222328
SUSE Bug 1222328

Описание

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix circular locking dependency The rule inside kvm enforces that the vcpu->mutex is taken *inside* kvm->lock. The rule is violated by the pkvm_create_hyp_vm() which acquires the kvm->lock while already holding the vcpu->mutex lock from kvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by protecting the hyp vm handle with the config_lock, much like we already do for other forms of VM-scoped data.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26691.html
CVE-2024-26691
https://bugzilla.suse.com/1222463
SUSE Bug 1222463

Описание

In the Linux kernel, the following vulnerability has been resolved: devlink: fix possible use-after-free and memory leaks in devlink_init() The pernet operations structure for the subsystem must be registered before registering the generic netlink family. Make an unregister in case of unsuccessful registration.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26734.html
CVE-2024-26734
https://bugzilla.suse.com/1222438
SUSE Bug 1222438

Описание

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] Call Trace: lock_acquire lock_acquire+0x1ce/0x4f0 down_read+0x93/0x4a0 iommufd_test_syz_conv_iova+0x56/0x1f0 iommufd_test_access_rw.isra.0+0x2ec/0x390 iommufd_test+0x1058/0x1e30 iommufd_fops_ioctl+0x381/0x510 vfs_ioctl __do_sys_ioctl __se_sys_ioctl __x64_sys_ioctl+0x170/0x1e0 do_syscall_x64 do_syscall_64+0x71/0x140 This is because the new iommufd_access_change_ioas() sets access->ioas to NULL during its process, so the lock might be gone in a concurrent racing context. Fix this by doing the same access->ioas sanity as iommufd_access_rw() and iommufd_access_pin_pages() functions do.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26785.html
CVE-2024-26785
https://bugzilla.suse.com/1222779
SUSE Bug 1222779

Описание

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data re-injection from stale subflow When the MPTCP PM detects that a subflow is stale, all the packet scheduler must re-inject all the mptcp-level unacked data. To avoid acquiring unneeded locks, it first try to check if any unacked data is present at all in the RTX queue, but such check is currently broken, as it uses TCP-specific helper on an MPTCP socket. Funnily enough fuzzers and static checkers are happy, as the accessed memory still belongs to the mptcp_sock struct, and even from a functional perspective the recovery completed successfully, as the short-cut test always failed. A recent unrelated TCP change - commit d5fed5addb2b ("tcp: reorganize tcp_sock fast path variables") - exposed the issue, as the tcp field reorganization makes the mptcp code always skip the re-inection. Fix the issue dropping the bogus call: we are on a slow path, the early optimization proved once again to be evil.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26826.html
CVE-2024-26826
https://bugzilla.suse.com/1223010
SUSE Bug 1223010

Описание

In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 fill_frame_info net/hsr/hsr_forward.c:577 [inline] hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615 hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 packet_alloc_skb net/packet/af_packet.c:2936 [inline] packet_snd net/packet/af_packet.c:3030 [inline] packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [inline] __se_sys_sendto net/socket.c:2199 [inline] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 ===================================================== If the packet type ID field in the Ethernet header is either ETH_P_PRP or ETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr() reads an invalid value as a sequence number. This causes the above issue. This patch fixes the issue by returning NULL if the Ethernet header is not followed by an HSR tag.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26863.html
CVE-2024-26863
https://bugzilla.suse.com/1223021
SUSE Bug 1223021

Описание

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0 ================================================================== BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs] Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007 CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G W 6.8.0-rc5-kts #1 Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020 Call Trace: <TASK> dump_stack_lvl+0x5b/0x90 print_report+0xcf/0x670 ? __virt_addr_valid+0x200/0x3e0 kasan_report+0xd8/0x110 ? do_zone_finish+0x91a/0xb90 [btrfs] ? do_zone_finish+0x91a/0xb90 [btrfs] do_zone_finish+0x91a/0xb90 [btrfs] btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs] ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs] ? btrfs_put_root+0x2d/0x220 [btrfs] ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs] cleaner_kthread+0x21e/0x380 [btrfs] ? __pfx_cleaner_kthread+0x10/0x10 [btrfs] kthread+0x2e3/0x3c0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Allocated by task 3493983: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 btrfs_alloc_device+0xb3/0x4e0 [btrfs] device_list_add.constprop.0+0x993/0x1630 [btrfs] btrfs_scan_one_device+0x219/0x3d0 [btrfs] btrfs_control_ioctl+0x26e/0x310 [btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 3494056: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3f/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x32/0x70 kfree+0x11b/0x320 btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs] btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs] btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs] btrfs_ioctl+0xb27/0x57d0 [btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 The buggy address belongs to the object at ffff8881543c8000 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 96 bytes inside of freed 1024-byte region [ffff8881543c8000, ffff8881543c8400) The buggy address belongs to the physical page: page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8 head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb This UAF happens because we're accessing stale zone information of a already removed btrfs_device in do_zone_finish(). The sequence of events is as follows: btrfs_dev_replace_start btrfs_scrub_dev btrfs_dev_replace_finishing btrfs_dev_replace_update_device_in_mapping_tree <-- devices replaced btrfs_rm_dev_replace_free_srcdev btrfs_free_device <-- device freed cleaner_kthread btrfs_delete_unused_bgs btrfs_zone_finish do_zone_finish <-- refers the freed device The reason for this is that we're using a ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-26944.html
CVE-2024-26944
https://bugzilla.suse.com/1223731
SUSE Bug 1223731

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set elements. The existing set iterator skips inactive elements in the next generation, this does not work from the abort path to restore the original state since it has to skip active elements instead (not inactive ones). This patch moves the check for inactive elements to the set iterator callback, then it reverses the logic for the .activate case which needs to skip active elements. Toggle next generation bit for elements when delete set command is invoked and call nft_clear() from .activate (abort) path to restore the next generation bit. The splat below shows an object in mappings memleak: [43929.457523] ------------[ cut here ]------------ [43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [...] [43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 <0f> 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 [43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246 [43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000 [43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550 [43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f [43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0 [43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002 [43929.458103] FS: 00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000 [43929.458107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0 [43929.458114] Call Trace: [43929.458118] <TASK> [43929.458121] ? __warn+0x9f/0x1a0 [43929.458127] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458188] ? report_bug+0x1b1/0x1e0 [43929.458196] ? handle_bug+0x3c/0x70 [43929.458200] ? exc_invalid_op+0x17/0x40 [43929.458211] ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables] [43929.458271] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458332] nft_mapelem_deactivate+0x24/0x30 [nf_tables] [43929.458392] nft_rhash_walk+0xdd/0x180 [nf_tables] [43929.458453] ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables] [43929.458512] ? rb_insert_color+0x2e/0x280 [43929.458520] nft_map_deactivate+0xdc/0x1e0 [nf_tables] [43929.458582] ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables] [43929.458642] ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables] [43929.458701] ? __rcu_read_unlock+0x46/0x70 [43929.458709] nft_delset+0xff/0x110 [nf_tables] [43929.458769] nft_flush_table+0x16f/0x460 [nf_tables] [43929.458830] nf_tables_deltable+0x501/0x580 [nf_tables]

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27012.html
CVE-2024-27012
https://bugzilla.suse.com/1223804
SUSE Bug 1223804

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow table lookup, so pppoe packets enter the classical forwarding path.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27015.html
CVE-2024-27015
https://bugzilla.suse.com/1223806
SUSE Bug 1223806

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27016.html
CVE-2024-27016
https://bugzilla.suse.com/1223807
SUSE Bug 1223807

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in __nft_obj_type_get(). Therefore, there is potential data-race of nf_tables_objects list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_objects list in __nft_obj_type_get(), and use rcu_read_lock() in the caller nft_obj_type_get() to protect the entire type query process.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27019.html
CVE-2024-27019
https://bugzilla.suse.com/1223813
SUSE Bug 1223813

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27020.html
CVE-2024-27020
https://bugzilla.suse.com/1223815
SUSE Bug 1223815

Описание

In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27025.html
CVE-2024-27025
https://bugzilla.suse.com/1223778
SUSE Bug 1223778

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain If nft_netdev_register_hooks() fails, the memory associated with nft_stats is not freed, causing a memory leak. This patch fixes it by moving nft_stats_alloc() down after nft_netdev_register_hooks() succeeds.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27064.html
CVE-2024-27064
https://bugzilla.suse.com/1223740
SUSE Bug 1223740

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27065.html
CVE-2024-27065
https://bugzilla.suse.com/1223836
SUSE Bug 1223836

Описание

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skb_queue_empty() use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skb_peek() unexpectedly returning NULL or a pointer to an already dequeued socket buffer.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27402.html
CVE-2024-27402
https://bugzilla.suse.com/1224414
SUSE Bug 1224414

Описание

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-27404.html
CVE-2024-27404
https://bugzilla.suse.com/1224422
SUSE Bug 1224422

Описание

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dm_exception_table_exit There was reported lockup when we exit a snapshot with many exceptions. Fix this by adding "cond_resched" to the loop that frees the exceptions.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35805.html
CVE-2024-35805
https://bugzilla.suse.com/1224743
SUSE Bug 1224743

Описание

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. If the migration fails, the code tries to migrate the filters back to the old region. However, the rollback itself can also fail in which case another migration will be erroneously performed. Besides the fact that this ping pong is not a very good idea, it also creates a problem. Each virtual chunk references two chunks: The currently used one ('vchunk->chunk') and a backup ('vchunk->chunk2'). During migration the first holds the chunk we want to migrate filters to and the second holds the chunk we are migrating filters from. The code currently assumes - but does not verify - that the backup chunk does not exist (NULL) if the currently used chunk does not reference the target region. This assumption breaks when we are trying to rollback a rollback, resulting in the backup chunk being overwritten and leaked [1]. Fix by not rolling back a failed rollback and add a warning to avoid future cases. [1] WARNING: CPU: 5 PID: 1063 at lib/parman.c:291 parman_destroy+0x17/0x20 Modules linked in: CPU: 5 PID: 1063 Comm: kworker/5:11 Tainted: G W 6.9.0-rc2-custom-00784-gc6a05c468a0b #14 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:parman_destroy+0x17/0x20 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_region_fini+0x19/0x60 mlxsw_sp_acl_tcam_region_destroy+0x49/0xf0 mlxsw_sp_acl_tcam_vregion_rehash_work+0x1f1/0x470 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK>

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35853.html
CVE-2024-35853
https://bugzilla.suse.com/1224604
SUSE Bug 1224604

Описание

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end of the work if the number of credits is non-negative as the assumption is that this is indicative of migration being complete. This assumption is incorrect as a non-negative number of credits can also be the result of a failed migration. The destruction of a region that still has filters referencing it can result in a use-after-free [1]. Fix by not destroying the region if migration failed. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230 Read of size 8 at addr ffff8881735319e8 by task kworker/0:31/3858 CPU: 0 PID: 3858 Comm: kworker/0:31 Tainted: G W 6.9.0-rc2-custom-00782-gf2275c2157d8 #5 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_ctcam_region_entry_remove+0x21d/0x230 mlxsw_sp_acl_ctcam_entry_del+0x2e/0x70 mlxsw_sp_acl_atcam_entry_del+0x81/0x210 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3cd/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 174: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_region_create+0xdf/0x9c0 mlxsw_sp_acl_tcam_vregion_rehash_work+0x954/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Freed by task 7: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_region_destroy+0x272/0x310 mlxsw_sp_acl_tcam_vregion_rehash_work+0x731/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35854.html
CVE-2024-35854
https://bugzilla.suse.com/1224636
SUSE Bug 1224636

Описание

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skb_segment_list those skbs can be reused as-is. This is an issue as their destructor was removed in skb_gro_receive_list but not the reference to their socket, and then they can't be orphaned. Fix this by also removing the reference to the socket. For example this could be observed, kernel BUG at include/linux/skbuff.h:3131! (skb_orphan) RIP: 0010:ip6_rcv_core+0x11bc/0x19a0 Call Trace: ipv6_list_rcv+0x250/0x3f0 __netif_receive_skb_list_core+0x49d/0x8f0 netif_receive_skb_list_internal+0x634/0xd40 napi_complete_done+0x1d2/0x7d0 gro_cell_poll+0x118/0x1f0 A similar construction is found in skb_gro_receive, apply the same change there.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35890.html
CVE-2024-35890
https://bugzilla.suse.com/1224516
SUSE Bug 1224516

Описание

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: prevent kernel-infoleak syzbot found that tcf_skbmod_dump() was copying four bytes from kernel stack to user space [1]. The issue here is that 'struct tc_skbmod' has a four bytes hole. We need to clear the structure before filling fields. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 instrument_copy_to_user include/linux/instrumented.h:114 [inline] copy_to_user_iter lib/iov_iter.c:24 [inline] iterate_ubuf include/linux/iov_iter.h:29 [inline] iterate_and_advance2 include/linux/iov_iter.h:245 [inline] iterate_and_advance include/linux/iov_iter.h:271 [inline] _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185 copy_to_iter include/linux/uio.h:196 [inline] simple_copy_to_iter net/core/datagram.c:532 [inline] __skb_datagram_iter+0x185/0x1000 net/core/datagram.c:420 skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546 skb_copy_datagram_msg include/linux/skbuff.h:4050 [inline] netlink_recvmsg+0x432/0x1610 net/netlink/af_netlink.c:1962 sock_recvmsg_nosec net/socket.c:1046 [inline] sock_recvmsg+0x2c4/0x340 net/socket.c:1068 __sys_recvfrom+0x35a/0x5f0 net/socket.c:2242 __do_sys_recvfrom net/socket.c:2260 [inline] __se_sys_recvfrom net/socket.c:2256 [inline] __x64_sys_recvfrom+0x126/0x1d0 net/socket.c:2256 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was stored to memory at: pskb_expand_head+0x30f/0x19d0 net/core/skbuff.c:2253 netlink_trim+0x2c2/0x330 net/netlink/af_netlink.c:1317 netlink_unicast+0x9f/0x1260 net/netlink/af_netlink.c:1351 nlmsg_unicast include/net/netlink.h:1144 [inline] nlmsg_notify+0x21d/0x2f0 net/netlink/af_netlink.c:2610 rtnetlink_send+0x73/0x90 net/core/rtnetlink.c:741 rtnetlink_maybe_send include/linux/rtnetlink.h:17 [inline] tcf_add_notify net/sched/act_api.c:2048 [inline] tcf_action_add net/sched/act_api.c:2071 [inline] tc_ctl_action+0x146e/0x19d0 net/sched/act_api.c:2119 rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2559 rtnetlink_rcv+0x34/0x40 net/core/rtnetlink.c:6613 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xf4c/0x1260 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10df/0x11f0 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:745 ____sys_sendmsg+0x877/0xb60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674 do_syscall_64+0xd5/0x1f0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit was stored to memory at: __nla_put lib/nlattr.c:1041 [inline] nla_put+0x1c6/0x230 lib/nlattr.c:1099 tcf_skbmod_dump+0x23f/0xc20 net/sched/act_skbmod.c:256 tcf_action_dump_old net/sched/act_api.c:1191 [inline] tcf_action_dump_1+0x85e/0x970 net/sched/act_api.c:1227 tcf_action_dump+0x1fd/0x460 net/sched/act_api.c:1251 tca_get_fill+0x519/0x7a0 net/sched/act_api.c:1628 tcf_add_notify_msg net/sched/act_api.c:2023 [inline] tcf_add_notify net/sched/act_api.c:2042 [inline] tcf_action_add net/sched/act_api.c:2071 [inline] tc_ctl_action+0x1365/0x19d0 net/sched/act_api.c:2119 rtnetlink_rcv_msg+0x1737/0x1900 net/core/rtnetlink.c:6595 netlink_rcv_skb+0x375/0x650 net/netlink/af_netli ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35893.html
CVE-2024-35893
https://bugzilla.suse.com/1224512
SUSE Bug 1224512

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net and the destroy workqueue. The trace below shows an element to be released via destroy workqueue while exit_net path (triggered via module removal) has already released the set that is used in such transaction. [ 1360.547789] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.547861] Read of size 8 at addr ffff888140500cc0 by task kworker/4:1/152465 [ 1360.547870] CPU: 4 PID: 152465 Comm: kworker/4:1 Not tainted 6.8.0+ #359 [ 1360.547882] Workqueue: events nf_tables_trans_destroy_work [nf_tables] [ 1360.547984] Call Trace: [ 1360.547991] <TASK> [ 1360.547998] dump_stack_lvl+0x53/0x70 [ 1360.548014] print_report+0xc4/0x610 [ 1360.548026] ? __virt_addr_valid+0xba/0x160 [ 1360.548040] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 1360.548054] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.548176] kasan_report+0xae/0xe0 [ 1360.548189] ? nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.548312] nf_tables_trans_destroy_work+0x3f5/0x590 [nf_tables] [ 1360.548447] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [nf_tables] [ 1360.548577] ? _raw_spin_unlock_irq+0x18/0x30 [ 1360.548591] process_one_work+0x2f1/0x670 [ 1360.548610] worker_thread+0x4d3/0x760 [ 1360.548627] ? __pfx_worker_thread+0x10/0x10 [ 1360.548640] kthread+0x16b/0x1b0 [ 1360.548653] ? __pfx_kthread+0x10/0x10 [ 1360.548665] ret_from_fork+0x2f/0x50 [ 1360.548679] ? __pfx_kthread+0x10/0x10 [ 1360.548690] ret_from_fork_asm+0x1a/0x30 [ 1360.548707] </TASK> [ 1360.548719] Allocated by task 192061: [ 1360.548726] kasan_save_stack+0x20/0x40 [ 1360.548739] kasan_save_track+0x14/0x30 [ 1360.548750] __kasan_kmalloc+0x8f/0xa0 [ 1360.548760] __kmalloc_node+0x1f1/0x450 [ 1360.548771] nf_tables_newset+0x10c7/0x1b50 [nf_tables] [ 1360.548883] nfnetlink_rcv_batch+0xbc4/0xdc0 [nfnetlink] [ 1360.548909] nfnetlink_rcv+0x1a8/0x1e0 [nfnetlink] [ 1360.548927] netlink_unicast+0x367/0x4f0 [ 1360.548935] netlink_sendmsg+0x34b/0x610 [ 1360.548944] ____sys_sendmsg+0x4d4/0x510 [ 1360.548953] ___sys_sendmsg+0xc9/0x120 [ 1360.548961] __sys_sendmsg+0xbe/0x140 [ 1360.548971] do_syscall_64+0x55/0x120 [ 1360.548982] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 1360.548994] Freed by task 192222: [ 1360.548999] kasan_save_stack+0x20/0x40 [ 1360.549009] kasan_save_track+0x14/0x30 [ 1360.549019] kasan_save_free_info+0x3b/0x60 [ 1360.549028] poison_slab_object+0x100/0x180 [ 1360.549036] __kasan_slab_free+0x14/0x30 [ 1360.549042] kfree+0xb6/0x260 [ 1360.549049] __nft_release_table+0x473/0x6a0 [nf_tables] [ 1360.549131] nf_tables_exit_net+0x170/0x240 [nf_tables] [ 1360.549221] ops_exit_list+0x50/0xa0 [ 1360.549229] free_exit_list+0x101/0x140 [ 1360.549236] unregister_pernet_operations+0x107/0x160 [ 1360.549245] unregister_pernet_subsys+0x1c/0x30 [ 1360.549254] nf_tables_module_exit+0x43/0x80 [nf_tables] [ 1360.549345] __do_sys_delete_module+0x253/0x370 [ 1360.549352] do_syscall_64+0x55/0x120 [ 1360.549360] entry_SYSCALL_64_after_hwframe+0x55/0x5d (gdb) list *__nft_release_table+0x473 0x1e033 is in __nft_release_table (net/netfilter/nf_tables_api.c:11354). 11349 list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) { 11350 list_del(&flowtable->list); 11351 nft_use_dec(&table->use); 11352 nf_tables_flowtable_destroy(flowtable); 11353 } 11354 list_for_each_entry_safe(set, ns, &table->sets, list) { 11355 list_del(&set->list); 11356 nft_use_dec(&table->use); 11357 if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT)) 11358 nft_map_deactivat ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35899.html
CVE-2024-35899
https://bugzilla.suse.com/1224499
SUSE Bug 1224499

Описание

In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35908.html
CVE-2024-35908
https://bugzilla.suse.com/1224490
SUSE Bug 1224490

Описание

In the Linux kernel, the following vulnerability has been resolved: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Many syzbot reports show extreme rtnl pressure, and many of them hint that smc acquires rtnl in netns creation for no good reason [1] This patch returns early from smc_pnet_net_init() if there is no netdevice yet. I am not even sure why smc_pnet_create_pnetids_list() even exists, because smc_pnet_netdev_event() is also calling smc_pnet_add_base_pnetid() when handling NETDEV_UP event. [1] extract of typical syzbot reports 2 locks held by syz-executor.3/12252: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.4/12253: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.1/12257: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.2/12261: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.0/12265: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.3/12268: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.4/12271: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.1/12274: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878 2 locks held by syz-executor.2/12280: #0: ffffffff8f369610 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 net/core/net_namespace.c:491 #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_create_pnetids_list net/smc/smc_pnet.c:809 [inline] #1: ffffffff8f375b88 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 net/smc/smc_pnet.c:878

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35934.html
CVE-2024-35934
https://bugzilla.suse.com/1224641
SUSE Bug 1224641

Описание

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain According to i.MX8MP RM and HDMI ADD, the fdcc clock is part of hdmi rx verification IP that should not enable for HDMI TX. But actually if the clock is disabled before HDMI/LCDIF probe, LCDIF will not get pixel clock from HDMI PHY and print the error logs: [CRTC:39:crtc-2] vblank wait timed out WARNING: CPU: 2 PID: 9 at drivers/gpu/drm/drm_atomic_helper.c:1634 drm_atomic_helper_wait_for_vblanks.part.0+0x23c/0x260 Add fdcc clock to LCDIF and HDMI TX power domains to fix the issue.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-35942.html
CVE-2024-35942
https://bugzilla.suse.com/1224589
SUSE Bug 1224589

Описание

In the Linux kernel, the following vulnerability has been resolved: ice: fix LAG and VF lock dependency in ice_reset_vf() 9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over aggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf(). The commit placed this lock acquisition just prior to the acquisition of the VF configuration lock. If ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK flag, this could deadlock with ice_vc_cfg_qs_msg() because it always acquires the locks in the order of the VF configuration lock and then the LAG mutex. Lockdep reports this violation almost immediately on creating and then removing 2 VF: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-rc6 #54 Tainted: G W O ------------------------------------------------------ kworker/60:3/6771 is trying to acquire lock: ff40d43e099380a0 (&vf->cfg_lock){+.+.}-{3:3}, at: ice_reset_vf+0x22f/0x4d0 [ice] but task is already holding lock: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&pf->lag_mutex){+.+.}-{3:3}: __lock_acquire+0x4f8/0xb40 lock_acquire+0xd4/0x2d0 __mutex_lock+0x9b/0xbf0 ice_vc_cfg_qs_msg+0x45/0x690 [ice] ice_vc_process_vf_msg+0x4f5/0x870 [ice] __ice_clean_ctrlq+0x2b5/0x600 [ice] ice_service_task+0x2c9/0x480 [ice] process_one_work+0x1e9/0x4d0 worker_thread+0x1e1/0x3d0 kthread+0x104/0x140 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1b/0x30 -> #0 (&vf->cfg_lock){+.+.}-{3:3}: check_prev_add+0xe2/0xc50 validate_chain+0x558/0x800 __lock_acquire+0x4f8/0xb40 lock_acquire+0xd4/0x2d0 __mutex_lock+0x9b/0xbf0 ice_reset_vf+0x22f/0x4d0 [ice] ice_process_vflr_event+0x98/0xd0 [ice] ice_service_task+0x1cc/0x480 [ice] process_one_work+0x1e9/0x4d0 worker_thread+0x1e1/0x3d0 kthread+0x104/0x140 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1b/0x30 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pf->lag_mutex); lock(&vf->cfg_lock); lock(&pf->lag_mutex); lock(&vf->cfg_lock); *** DEADLOCK *** 4 locks held by kworker/60:3/6771: #0: ff40d43e05428b38 ((wq_completion)ice){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0 #1: ff50d06e05197e58 ((work_completion)(&pf->serv_task)){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0 #2: ff40d43ea1960e50 (&pf->vfs.table_lock){+.+.}-{3:3}, at: ice_process_vflr_event+0x48/0xd0 [ice] #3: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice] stack backtrace: CPU: 60 PID: 6771 Comm: kworker/60:3 Tainted: G W O 6.8.0-rc6 #54 Hardware name: Workqueue: ice ice_service_task [ice] Call Trace: <TASK> dump_stack_lvl+0x4a/0x80 check_noncircular+0x12d/0x150 check_prev_add+0xe2/0xc50 ? save_trace+0x59/0x230 ? add_chain_cache+0x109/0x450 validate_chain+0x558/0x800 __lock_acquire+0x4f8/0xb40 ? lockdep_hardirqs_on+0x7d/0x100 lock_acquire+0xd4/0x2d0 ? ice_reset_vf+0x22f/0x4d0 [ice] ? lock_is_held_type+0xc7/0x120 __mutex_lock+0x9b/0xbf0 ? ice_reset_vf+0x22f/0x4d0 [ice] ? ice_reset_vf+0x22f/0x4d0 [ice] ? rcu_is_watching+0x11/0x50 ? ice_reset_vf+0x22f/0x4d0 [ice] ice_reset_vf+0x22f/0x4d0 [ice] ? process_one_work+0x176/0x4d0 ice_process_vflr_event+0x98/0xd0 [ice] ice_service_task+0x1cc/0x480 [ice] process_one_work+0x1e9/0x4d0 worker_thread+0x1e1/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x104/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> To avoid deadlock, we must acquire the LAG ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36003.html
CVE-2024-36003
https://bugzilla.suse.com/1224544
SUSE Bug 1224544

Описание

In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too. [Feb 9 09:08] ------------[ cut here ]------------ [ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is flushing !WQ_MEM_RECLAIM infiniband:0x0 [ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966 check_flush_dependency+0x10b/0x120 [ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4 nls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr rfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma intel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core iTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore ioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich intel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad xfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe drm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel libata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror dm_region_hash dm_log dm_mod fuse [ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not tainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1 [ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 [ +0.000001] Workqueue: i40e i40e_service_task [i40e] [ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120 [ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48 81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90 [ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282 [ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX: 0000000000000027 [ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI: ffff94d47f620bc0 [ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffff7fff [ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12: ffff94c5451ea180 [ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15: ffff94c5f1330ab0 [ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4: 00000000007706f0 [ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] ? __warn+0x80/0x130 [ +0.000003] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? report_bug+0x195/0x1a0 [ +0.000005] ? handle_bug+0x3c/0x70 [ +0.000003] ? exc_invalid_op+0x14/0x70 [ +0.000002] ? asm_exc_invalid_op+0x16/0x20 [ +0.000006] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? check_flush_dependency+0x10b/0x120 [ +0.000002] __flush_workqueue+0x126/0x3f0 [ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core] [ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core] [ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core] [ +0.000020] i40iw_close+0x4b/0x90 [irdma] [ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e] [ +0.000035] i40e_service_task+0x126/0x190 [i40e] [ +0.000024] process_one_work+0x174/0x340 [ +0.000003] worker_th ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36004.html
CVE-2024-36004
https://bugzilla.suse.com/1224545
SUSE Bug 1224545

Описание

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules linked in: CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8 8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe <0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9 RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4 RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000 R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000 FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0 Call Trace: <TASK> __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline] mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline] __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615 mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767 process_one_work+0x1e0/0x560 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x3c7/0x640 kernel/workqueue.c:3416 kthread+0x121/0x170 kernel/kthread.c:388 ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized and any incoming ack will copy such value into snd_una. If the mptcp worker (dumbly) tries mptcp-level re-injection after such ack, that would unconditionally trigger a send buffer cleanup using 'bad' snd_una values. We could easily disable re-injection for fallback sockets, but such dumb behavior already helped catching a few subtle issues and a very low to zero impact in practice. Instead address the issue always initializing snd_nxt (and write_seq, for consistency) at connect time.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36889.html
CVE-2024-36889
https://bugzilla.suse.com/1225746
SUSE Bug 1225746

Описание

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237 Code: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff RSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202 RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000 RDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48 RBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad R10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0 R13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000 FS: 00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> NF_HOOK include/linux/netfilter.h:314 [inline] ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358 sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248 sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653 sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline] sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212 sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline] sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169 sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73 __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234 sctp_connect net/sctp/socket.c:4819 [inline] sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834 __sys_connect_file net/socket.c:2048 [inline] __sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [inline] __se_sys_connect net/socket.c:2072 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2072 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36901.html
CVE-2024-36901
https://bugzilla.suse.com/1225711
SUSE Bug 1225711

Описание

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline] RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267 Code: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c RSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700 RDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760 RBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd R10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000 R13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00 FS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317 fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108 ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline] ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649 ip6_route_output include/net/ip6_route.h:93 [inline] ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120 ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250 sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326 sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455 sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662 sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099 __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197 sctp_connect net/sctp/socket.c:4819 [inline] sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834 __sys_connect_file net/socket.c:2048 [inline] __sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [inline] __se_sys_connect net/socket.c:2072 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2072 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36902.html
CVE-2024-36902
https://bugzilla.suse.com/1225719
SUSE Bug 1225719

Описание

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus ring buffer code could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the struct vmbus_gpadl for the ring buffers to decide whether to free the memory.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36909.html
CVE-2024-36909
https://bugzilla.suse.com/1225744
SUSE Bug 1225744

Описание

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus device UIO driver could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the gpadl to decide whether to free the memory.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36910.html
CVE-2024-36910
https://bugzilla.suse.com/1225717
SUSE Bug 1225717

Описание

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The netvsc driver could free decrypted/shared pages if set_memory_decrypted() fails. Check the decrypted field in the gpadl to decide whether to free the memory.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36911.html
CVE-2024-36911
https://bugzilla.suse.com/1225745
SUSE Bug 1225745

Описание

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. In order to make sure callers of vmbus_establish_gpadl() and vmbus_teardown_gpadl() don't return decrypted/shared pages to allocators, add a field in struct vmbus_gpadl to keep track of the decryption status of the buffers. This will allow the callers to know if they should free or leak the pages.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36912.html
CVE-2024-36912
https://bugzilla.suse.com/1225752
SUSE Bug 1225752

Описание

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypted pages if set_memory_encrypted()/decrypted() fails. Leak the pages if this happens.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36913.html
CVE-2024-36913
https://bugzilla.suse.com/1225753
SUSE Bug 1225753

Описание

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip on writeback when it's not applicable [WHY] dynamic memory safety error detector (KASAN) catches and generates error messages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not support certain features which are not initialized. [HOW] Skip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36914.html
CVE-2024-36914
https://bugzilla.suse.com/1225757
SUSE Bug 1225757

Описание

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice, resulting in the WARN_ONCE() a little later. Fix that by reading txq->read_ptr under lock.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36922.html
CVE-2024-36922
https://bugzilla.suse.com/1225805
SUSE Bug 1225805

Описание

In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message(). With function inlining disabled, the call stack might look like this: _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58 complete_with_flags from spi_complete+0x8/0xc spi_complete from spi_finalize_current_message+0xec/0x184 spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474 spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230 __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4 __spi_transfer_message_noqueue from __spi_sync+0x204/0x248 __spi_sync from spi_sync+0x24/0x3c spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd] mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154 _regmap_raw_read from _regmap_bus_read+0x44/0x70 _regmap_bus_read from _regmap_read+0x60/0xd8 _regmap_read from regmap_read+0x3c/0x5c regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd] mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd] mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78 irq_thread_fn from irq_thread+0x118/0x1f4 irq_thread from kthread+0xd8/0xf4 kthread from ret_from_fork+0x14/0x28 Fix this by also setting message->complete to NULL when the transfer is complete.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36930.html
CVE-2024-36930
https://bugzilla.suse.com/1225830
SUSE Bug 1225830

Описание

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36940.html
CVE-2024-36940
https://bugzilla.suse.com/1225840
SUSE Bug 1225840
https://bugzilla.suse.com/1225841
SUSE Bug 1225841

Описание

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36941.html
CVE-2024-36941
https://bugzilla.suse.com/1225835
SUSE Bug 1225835

Описание

** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36942.html
CVE-2024-36942
https://bugzilla.suse.com/1225843
SUSE Bug 1225843

Описание

In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got out was: [ 93.607888] Testing event system initcall: OK [ 93.667730] Running tests on all trace events: [ 93.669757] Testing all events: OK [ 95.631064] ------------[ cut here ]------------ Timed out after 60 seconds" and further debugging points to a possible circular locking dependency between the console_owner locking and the worker pool locking. Reverting the commit allows Steve's VM to boot to completion again. [ This may obviously result in the "[TTM] Buffer eviction failed" messages again, which was the reason for that original revert. But at this point this seems preferable to a non-booting system... ]

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36944.html
CVE-2024-36944
https://bugzilla.suse.com/1225847
SUSE Bug 1225847

Описание

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36946.html
CVE-2024-36946
https://bugzilla.suse.com/1225851
SUSE Bug 1225851

Описание

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix dentry leak simple_recursive_removal() drops the pinning references to all positives in subtree. For the cases when its argument has been kept alive by the pinning alone that's exactly the right thing to do, but here the argument comes from dcache lookup, that needs to be balanced by explicit dput(). Fucked-up-by: Al Viro <viro@zeniv.linux.org.uk>

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36947.html
CVE-2024-36947
https://bugzilla.suse.com/1225856
SUSE Bug 1225856

Описание

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36949.html
CVE-2024-36949
https://bugzilla.suse.com/1225894
SUSE Bug 1225894

Описание

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008 in a007bb857e0b26f5d8b73c2ff90782d9c0972620: If OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we will unmask bus reset interrupts so we can log them. irq_handler logs the bus reset interrupt. However, we can't clear the bus reset event flag in irq_handler, because we won't service the event until later. irq_handler exits with the event flag still set. If the corresponding interrupt is still unmasked, the first bus reset will usually freeze the system due to irq_handler being called again each time it exits. This freeze can be reproduced by loading firewire_ohci with "modprobe firewire_ohci debug=-1" (to enable all debugging output). Apparently there are also some cases where bus_reset_work will get called soon enough to clear the event, and operation will continue normally. This freeze was first reported a few months after a007bb85 was committed, but until now it was never fixed. The debug level could safely be set to -1 through sysfs after the module was loaded, but this would be ineffectual in logging bus reset interrupts since they were only unmasked during initialization. irq_handler will now leave the event flag set but mask bus reset interrupts, so irq_handler won't be called again and there will be no freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will unmask the interrupt after servicing the event, so future interrupts will be caught as desired. As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be enabled through sysfs in addition to during initial module loading. However, when enabled through sysfs, logging of bus reset interrupts will be effective only starting with the second bus reset, after bus_reset_work has executed.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36950.html
CVE-2024-36950
https://bugzilla.suse.com/1225895
SUSE Bug 1225895

Описание

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api to guard exception code type checking as well.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36951.html
CVE-2024-36951
https://bugzilla.suse.com/1225896
SUSE Bug 1225896

Описание

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() The documentation for device_get_named_child_node() mentions this important point: " The caller is responsible for calling fwnode_handle_put() on the returned fwnode pointer. " Add fwnode_handle_put() to avoid a leaked reference.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36955.html
CVE-2024-36955
https://bugzilla.suse.com/1225810
SUSE Bug 1225810

Описание

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36959.html
CVE-2024-36959
https://bugzilla.suse.com/1225839
SUSE Bug 1225839

Описание

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-36974.html
CVE-2024-36974
https://bugzilla.suse.com/1226519
SUSE Bug 1226519
https://bugzilla.suse.com/1227371
SUSE Bug 1227371

Описание

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, input port, recirculation id, etc. Then the packet itself gets parsed to populate the rest of the keys from the packet headers. Whenever the packet parsing code starts parsing the ICMPv6 header, it first zeroes out fields in the key corresponding to Neighbor Discovery information even if it is not an ND packet. It is an 'ipv6.nd' field. However, the 'ipv6' is a union that shares the space between 'nd' and 'ct_orig' that holds the original tuple conntrack metadata parsed from the OVS_PACKET_ATTR_KEY. ND packets should not normally have conntrack state, so it's fine to share the space, but normal ICMPv6 Echo packets or maybe other types of ICMPv6 can have the state attached and it should not be overwritten. The issue results in all but the last 4 bytes of the destination address being wiped from the original conntrack tuple leading to incorrect packet matching and potentially executing wrong actions in case this packet recirculates within the datapath or goes back to userspace. ND fields should not be accessed in non-ND packets, so not clearing them should be fine. Executing memset() only for actual ND packets to avoid the issue. Initializing the whole thing before parsing is needed because ND packet may not contain all the options. The issue only affects the OVS_PACKET_CMD_EXECUTE path and doesn't affect packets entering OVS datapath from network interfaces, because in this case CT metadata is populated from skb after the packet is already parsed.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-38558.html
CVE-2024-38558
https://bugzilla.suse.com/1226783
SUSE Bug 1226783

Описание

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2(). To fix this, postpone inspecting nr_frags until after any padding has been applied.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-38586.html
CVE-2024-38586
https://bugzilla.suse.com/1226750
SUSE Bug 1226750

Описание

In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [mdX_resync:6976] CPU: 7 PID: 3588 Comm: mdX_resync Kdump: loaded Not tainted 6.9.0-rc4-next-20240419 #1 RIP: 0010:_raw_spin_unlock_irq+0x13/0x30 Call Trace: <TASK> md_bitmap_start_sync+0x6b/0xf0 raid10_sync_request+0x25c/0x1b40 [raid10] md_do_sync+0x64b/0x1020 md_thread+0xa7/0x170 kthread+0xcf/0x100 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1a/0x30 And the detailed process is as follows: md_do_sync j = mddev->resync_min while (j < max_sectors) sectors = raid10_sync_request(mddev, j, &skipped) if (!md_bitmap_start_sync(..., &sync_blocks)) // md_bitmap_start_sync set sync_blocks to 0 return sync_blocks + sectors_skippe; // sectors = 0; j += sectors; // j never change Root cause is that commit 301867b1c168 ("md/raid10: check slab-out-of-bounds in md_bitmap_get_counter") return early from md_bitmap_get_counter(), without setting returned blocks. Fix this problem by always set returned blocks from md_bitmap_get_counter"(), as it used to be. Noted that this patch just fix the softlockup problem in kernel, the case that bitmap size doesn't match array size still need to be fixed.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-38598.html
CVE-2024-38598
https://bugzilla.suse.com/1226757
SUSE Bug 1226757

Описание

In the Linux kernel, the following vulnerability has been resolved: block: refine the EOF check in blkdev_iomap_begin blkdev_iomap_begin rounds down the offset to the logical block size before stashing it in iomap->offset and checking that it still is inside the inode size. Check the i_size check to the raw pos value so that we don't try a zero size write if iter->pos is unaligned.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-38604.html
CVE-2024-38604
https://bugzilla.suse.com/1226866
SUSE Bug 1226866

Описание

In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-38659.html
CVE-2024-38659
https://bugzilla.suse.com/1226883
SUSE Bug 1226883

Описание

In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290 Modules linked in: CPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-gb947cc5bf6d7 RIP: 0010:mb_cache_destroy+0x224/0x290 fs/mbcache.c:419 Call Trace: <TASK> ext4_put_super+0x6d4/0xcd0 fs/ext4/super.c:1375 generic_shutdown_super+0x136/0x2d0 fs/super.c:641 kill_block_super+0x44/0x90 fs/super.c:1675 ext4_kill_sb+0x68/0xa0 fs/ext4/super.c:7327 [...] ============================================ This is because when finding an entry in ext4_xattr_block_cache_find(), if ext4_sb_bread() returns -ENOMEM, the ce's e_refcnt, which has already grown in the __entry_find(), won't be put away, and eventually trigger the above issue in mb_cache_destroy() due to reference count leakage. So call mb_cache_entry_put() on the -ENOMEM error branch as a quick fix.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39276.html
CVE-2024-39276
https://bugzilla.suse.com/1226993
SUSE Bug 1226993

Описание

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such deadlock.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39468.html
CVE-2024-39468
https://bugzilla.suse.com/1227103
SUSE Bug 1227103

Описание

In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by mkfs") added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 ("xfs: clean up calculation of LR header blocks") cleaned up the log reover buffer calculation, but stoped using the fixed up h_size value to size the log recovery buffer, which can lead to an out of bounds access when the incorrect h_size does not come from the old mkfs tool, but a fuzzer. Fix this by open coding xlog_logrec_hblks and taking the fixed h_size into account for this calculation.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39472.html
CVE-2024-39472
https://bugzilla.suse.com/1227432
SUSE Bug 1227432

Описание

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of it's inputs and the process->base_config_ext is NULL, causing NULL dereference when specifically crafted topology and sequences used.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39473.html
CVE-2024-39473
https://bugzilla.suse.com/1227433
SUSE Bug 1227433

Описание

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39474.html
CVE-2024-39474
https://bugzilla.suse.com/1227434
SUSE Bug 1227434

Описание

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero") checks the value of pixclock to avoid divide-by-zero error. However the function savagefb_probe doesn't handle the error return of savagefb_check_var. When pixclock is 0, it will cause divide-by-zero error.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39475.html
CVE-2024-39475
https://bugzilla.suse.com/1227435
SUSE Bug 1227435

Описание

In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed resources, the expectation, on device unbind, is that hwmon will be released before drvdata. However, in i915 there are two separate code paths, which both release either drvdata or hwmon and either can be released before the other. These code paths (for device unbind) are as follows (see also the bug referenced below): Call Trace: release_nodes+0x11/0x70 devres_release_group+0xb2/0x110 component_unbind_all+0x8d/0xa0 component_del+0xa5/0x140 intel_pxp_tee_component_fini+0x29/0x40 [i915] intel_pxp_fini+0x33/0x80 [i915] i915_driver_remove+0x4c/0x120 [i915] i915_pci_remove+0x19/0x30 [i915] pci_device_remove+0x32/0xa0 device_release_driver_internal+0x19c/0x200 unbind_store+0x9c/0xb0 and Call Trace: release_nodes+0x11/0x70 devres_release_all+0x8a/0xc0 device_unbind_cleanup+0x9/0x70 device_release_driver_internal+0x1c1/0x200 unbind_store+0x9c/0xb0 This means that in i915, if use devm, we cannot gurantee that hwmon will always be released before drvdata. Which means that we have a uaf if hwmon sysfs is accessed when drvdata has been released but hwmon hasn't. The only way out of this seems to be do get rid of devm_ and release/free everything explicitly during device unbind. v2: Change commit message and other minor code changes v3: Cleanup from i915_hwmon_register on error (Armin Wolf) v4: Eliminate potential static analyzer warning (Rodrigo) Eliminate fetch_and_zero (Jani) v5: Restore previous logic for ddat_gt->hwmon_dev error return (Andi)

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39479.html
CVE-2024-39479
https://bugzilla.suse.com/1227443
SUSE Bug 1227443

Описание

In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start The graph walk tries to follow all links, even if they are not between pads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link. Fix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK links.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39481.html
CVE-2024-39481
https://bugzilla.suse.com/1227446
SUSE Bug 1227446

Описание

In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39482.html
CVE-2024-39482
https://bugzilla.suse.com/1227447
SUSE Bug 1227447

Описание

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418 Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107 CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xc1/0x5e0 mm/kasan/report.c:475 kasan_report+0xbe/0xf0 mm/kasan/report.c:588 strlen+0x7d/0xa0 lib/string.c:418 __fortify_strlen include/linux/fortify-string.h:210 [inline] in4_pton+0xa3/0x3f0 net/core/utils.c:130 bond_option_arp_ip_targets_set+0xc2/0x910 drivers/net/bonding/bond_options.c:1201 __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767 __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792 bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817 bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156 dev_attr_store+0x54/0x80 drivers/base/core.c:2366 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x96a/0xd80 fs/read_write.c:584 ksys_write+0x122/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace ]--- Fix it by adding a check of string length before using it.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39487.html
CVE-2024-39487
https://bugzilla.suse.com/1227573
SUSE Bug 1227573

Описание

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into a packet, delegating the operation to the seg6_input_core(). This function uses the skb_cow_head() to ensure that there is sufficient headroom in the sk_buff for accommodating the link-layer header. In the event that the skb_cow_header() function fails, the seg6_input_core() catches the error but it does not release the sk_buff, which will result in a memory leak. This issue was introduced in commit af3b5158b89d ("ipv6: sr: fix BUG due to headroom too small after SRH push") and persists even after commit 7a3f5b0de364 ("netfilter: add netfilter hooks to SRv6 data plane"), where the entire seg6_input() code was refactored to deal with netfilter hooks. The proposed patch addresses the identified memory leak by requiring the seg6_input_core() function to release the sk_buff in the event that skb_cow_head() fails.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39490.html
CVE-2024-39490
https://bugzilla.suse.com/1227626
SUSE Bug 1227626

Описание

In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39494.html
CVE-2024-39494
https://bugzilla.suse.com/1227716
SUSE Bug 1227716
https://bugzilla.suse.com/1227901
SUSE Bug 1227901

Описание

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just replaced (source device of the replace operation). This happens because at btrfs_load_zone_info() we extract a device from the chunk map into a local variable and then use the device while not under the protection of the device replace rwsem. So if there's a device replace operation happening when we extract the device and that device is the source of the replace operation, we will trigger a use-after-free if before we finish using the device the replace operation finishes and frees the device. Fix this by enlarging the critical section under the protection of the device replace rwsem so that all uses of the device are done inside the critical section.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39496.html
CVE-2024-39496
https://bugzilla.suse.com/1227719
SUSE Bug 1227719
https://bugzilla.suse.com/1227904
SUSE Bug 1227904

Описание

In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 [Why] Commit: - commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement") accidently overwrite the commit - commit 54d217406afe ("drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2") which cause regression. [How] Recover the original NULL fix and remove the unnecessary input parameter 'state' for drm_dp_add_payload_part2(). (cherry picked from commit 4545614c1d8da603e57b60dd66224d81b6ffc305)

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39498.html
CVE-2024-39498
https://bugzilla.suse.com/1227723
SUSE Bug 1227723

Описание

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netif_napi_del() When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue' napi. Unused queues' napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn't distinguish whether the napi was unregistered or not because netif_napi_del() doesn't reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del(). Reproducer: ethtool -L <interface name> rx 1 tx 1 combined 0 ethtool -L <interface name> rx 0 tx 0 combined 1 ethtool -L <interface name> rx 0 tx 0 combined 4 Splat looks like: kernel BUG at net/core/dev.c:6666! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16 Workqueue: events ionic_lif_deferred_work [ionic] RIP: 0010:napi_enable+0x3b/0x40 Code: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f RSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28 RBP: ffffb6ed83227d50 R08: 0000000000000400 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 R13: ffff97560ce3c1a0 R14: 0000000000000000 R15: ffff975613ba0a20 FS: 0000000000000000(0000) GS:ffff975d5f780000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8f734ee200 CR3: 0000000103e50000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <TASK> ? die+0x33/0x90 ? do_trap+0xd9/0x100 ? napi_enable+0x3b/0x40 ? do_error_trap+0x83/0xb0 ? napi_enable+0x3b/0x40 ? napi_enable+0x3b/0x40 ? exc_invalid_op+0x4e/0x70 ? napi_enable+0x3b/0x40 ? asm_exc_invalid_op+0x16/0x20 ? napi_enable+0x3b/0x40 ionic_qcq_enable+0xb7/0x180 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_start_queues+0xc4/0x290 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_link_status_check+0x11c/0x170 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] ionic_lif_deferred_work+0x129/0x280 [ionic 59bdfc8a035436e1c4224ff7d10789e3f14643f8] process_one_work+0x145/0x360 worker_thread+0x2bb/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39502.html
CVE-2024-39502
https://bugzilla.suse.com/1227755
SUSE Bug 1227755

Описание

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: validate mandatory meta and payload Check for mandatory netlink attributes in payload and meta expression when used embedded from the inner expression, otherwise NULL pointer dereference is possible from userspace.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39504.html
CVE-2024-39504
https://bugzilla.suse.com/1227757
SUSE Bug 1227757

Описание

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix the problem, when link status change, need to check whether the roce registered, and when uninit, need to wait link update finish.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-39507.html
CVE-2024-39507
https://bugzilla.suse.com/1227730
SUSE Bug 1227730

Описание

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_bit() on a single word. The test_bit() and set_bit() functions operate on long values, and when testing or setting a single word, they can exceed the word boundary. KASAN detects this issue and produces a dump: BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965 For full log, please look at [1]. Make the allocation at least the size of sizeof(unsigned long) so that set_bit() and test_bit() have sufficient room for read/write operations without overwriting unallocated memory. [1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40901.html
CVE-2024-40901
https://bugzilla.suse.com/1227762
SUSE Bug 1227762

Описание

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always stop health timer during driver removal Currently, if teardown_hca fails to execute during driver removal, mlx5 does not stop the health timer. Afterwards, mlx5 continue with driver teardown. This may lead to a UAF bug, which results in page fault Oops[1], since the health timer invokes after resources were freed. Hence, stop the health monitor even if teardown_hca fails. [1] mlx5_core 0000:18:00.0: E-Switch: Unload vfs: mode(LEGACY), nvfs(0), necvfs(0), active vports(0) mlx5_core 0000:18:00.0: E-Switch: Disable: mode(LEGACY), nvfs(0), necvfs(0), active vports(0) mlx5_core 0000:18:00.0: E-Switch: Disable: mode(LEGACY), nvfs(0), necvfs(0), active vports(0) mlx5_core 0000:18:00.0: E-Switch: cleanup mlx5_core 0000:18:00.0: wait_func:1155:(pid 1967079): TEARDOWN_HCA(0x103) timeout. Will cause a leak of a command resource mlx5_core 0000:18:00.0: mlx5_function_close:1288:(pid 1967079): tear_down_hca failed, skip cleanup BUG: unable to handle page fault for address: ffffa26487064230 PGD 100c00067 P4D 100c00067 PUD 100e5a067 PMD 105ed7067 PTE 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 0 Comm: swapper/0 Tainted: G OE ------- --- 6.7.0-68.fc38.x86_64 #1 Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 RIP: 0010:ioread32be+0x34/0x60 RSP: 0018:ffffa26480003e58 EFLAGS: 00010292 RAX: ffffa26487064200 RBX: ffff9042d08161a0 RCX: ffff904c108222c0 RDX: 000000010bbf1b80 RSI: ffffffffc055ddb0 RDI: ffffa26487064230 RBP: ffff9042d08161a0 R08: 0000000000000022 R09: ffff904c108222e8 R10: 0000000000000004 R11: 0000000000000441 R12: ffffffffc055ddb0 R13: ffffa26487064200 R14: ffffa26480003f00 R15: ffff904c108222c0 FS: 0000000000000000(0000) GS:ffff904c10800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffa26487064230 CR3: 00000002c4420006 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x175/0x180 ? asm_exc_page_fault+0x26/0x30 ? __pfx_poll_health+0x10/0x10 [mlx5_core] ? __pfx_poll_health+0x10/0x10 [mlx5_core] ? ioread32be+0x34/0x60 mlx5_health_check_fatal_sensors+0x20/0x100 [mlx5_core] ? __pfx_poll_health+0x10/0x10 [mlx5_core] poll_health+0x42/0x230 [mlx5_core] ? __next_timer_interrupt+0xbc/0x110 ? __pfx_poll_health+0x10/0x10 [mlx5_core] call_timer_fn+0x21/0x130 ? __pfx_poll_health+0x10/0x10 [mlx5_core] __run_timers+0x222/0x2c0 run_timer_softirq+0x1d/0x40 __do_softirq+0xc9/0x2c8 __irq_exit_rcu+0xa6/0xc0 sysvec_apic_timer_interrupt+0x72/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:cpuidle_enter_state+0xcc/0x440 ? cpuidle_enter_state+0xbd/0x440 cpuidle_enter+0x2d/0x40 do_idle+0x20d/0x270 cpu_startup_entry+0x2a/0x30 rest_init+0xd0/0xd0 arch_call_rest_init+0xe/0x30 start_kernel+0x709/0xa90 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x96/0xa0 secondary_startup_64_no_verify+0x18f/0x19b ---[ end trace 0000000000000000 ]---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40906.html
CVE-2024-40906
https://bugzilla.suse.com/1227763
SUSE Bug 1227763

Описание

In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp test_run callback syzbot reported crash when rawtp program executed through the test_run interface calls bpf_get_attach_cookie helper or any other helper that touches task->bpf_ctx pointer. Setting the run context (task->bpf_ctx pointer) for test_run callback.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40908.html
CVE-2024-40908
https://bugzilla.suse.com/1227783
SUSE Bug 1227783

Описание

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() In case of token is released due to token->state == BNXT_HWRM_DEFERRED, released token (set to NULL) is used in log messages. This issue is expected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But this error code is returned by recent firmware. So some firmware may not return it. This may lead to NULL pointer dereference. Adjust this issue by adding token pointer check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40919.html
CVE-2024-40919
https://bugzilla.suse.com/1227779
SUSE Bug 1227779

Описание

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: disable rx data ring on dma allocation failure When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base, the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset rq->data_ring.desc_size for the data ring that failed, which presumably causes the hypervisor to reference it on packet reception. To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell the hypervisor to disable this feature. [ 95.436876] kernel BUG at net/core/skbuff.c:207! [ 95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1 [ 95.441558] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018 [ 95.443481] RIP: 0010:skb_panic+0x4d/0x4f [ 95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50 ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9 ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24 [ 95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246 [ 95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f [ 95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60 [ 95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000 [ 95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0 [ 95.455682] FS: 0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000 [ 95.457178] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0 [ 95.459791] Call Trace: [ 95.460515] <IRQ> [ 95.461180] ? __die_body.cold+0x19/0x27 [ 95.462150] ? die+0x2e/0x50 [ 95.462976] ? do_trap+0xca/0x110 [ 95.463973] ? do_error_trap+0x6a/0x90 [ 95.464966] ? skb_panic+0x4d/0x4f [ 95.465901] ? exc_invalid_op+0x50/0x70 [ 95.466849] ? skb_panic+0x4d/0x4f [ 95.467718] ? asm_exc_invalid_op+0x1a/0x20 [ 95.468758] ? skb_panic+0x4d/0x4f [ 95.469655] skb_put.cold+0x10/0x10 [ 95.470573] vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3] [ 95.471853] vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3] [ 95.473185] __napi_poll+0x2b/0x160 [ 95.474145] net_rx_action+0x2c6/0x3b0 [ 95.475115] handle_softirqs+0xe7/0x2a0 [ 95.476122] __irq_exit_rcu+0x97/0xb0 [ 95.477109] common_interrupt+0x85/0xa0 [ 95.478102] </IRQ> [ 95.478846] <TASK> [ 95.479603] asm_common_interrupt+0x26/0x40 [ 95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246 [ 95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000 [ 95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001 [ 95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3 [ 95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260 [ 95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000 [ 95.495035] acpi_safe_halt+0x14/0x20 [ 95.496127] acpi_idle_do_entry+0x2f/0x50 [ 95.497221] acpi_idle_enter+0x7f/0xd0 [ 95.498272] cpuidle_enter_state+0x81/0x420 [ 95.499375] cpuidle_enter+0x2d/0x40 [ 95.500400] do_idle+0x1e5/0x240 [ 95.501385] cpu_startup_entry+0x29/0x30 [ 95.502422] start_secondary+0x11c/0x140 [ 95.503454] common_startup_64+0x13e/0x141 [ 95.504466] </TASK> [ 95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ip ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40923.html
CVE-2024-40923
https://bugzilla.suse.com/1227786
SUSE Bug 1227786

Описание

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine"). The root cause is that we use "list_move_tail(&rq->queuelist, pending)" in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since it's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch(). We don't initialize its queuelist just for this first request, although the queuelist of all later popped requests will be initialized. Fix it by changing to use "list_add_tail(&rq->queuelist, pending)" so rq->queuelist doesn't need to be initialized. It should be ok since rq can't be on any list when PREFLUSH or POSTFLUSH, has no move actually. Please note the commit 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine") also has another requirement that no drivers would touch rq->queuelist after blk_mq_end_request() since we will reuse it to add rq to the post-flush pending list in POSTFLUSH. If this is not true, we will have to revert that commit IMHO. This updated version adds "list_del_init(&rq->queuelist)" in flush rq callback since the dm layer may submit request of a weird invalid format (REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add if without this "list_del_init(&rq->queuelist)". The weird invalid format problem should be fixed in dm layer.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40925.html
CVE-2024-40925
https://bugzilla.suse.com/1227789
SUSE Bug 1227789

Описание

In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning: net/ethtool/ioctl.c:line 2233, column 2 Called function pointer is null (null dereference). Return '-EOPNOTSUPP' when 'ops->get_ethtool_phy_stats' is NULL to fix this typo error.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40928.html
CVE-2024-40928
https://bugzilla.suse.com/1227788
SUSE Bug 1227788

Описание

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snd_una is still left uninitialized. Address the issue explicitly initializing snd_una together with snd_nxt and write_seq.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40931.html
CVE-2024-40931
https://bugzilla.suse.com/1227780
SUSE Bug 1227780

Описание

In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILES_DEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write() will always return -EIO, so the daemon can't pass the copen to the kernel. Then the kernel process that is waiting for the copen triggers a hung_task. Since the DEAD state is irreversible, it can only be exited by closing /dev/cachefiles. Therefore, after calling cachefiles_io_error() to mark the cache as CACHEFILES_DEAD, if in ondemand mode, flush all requests to avoid the above hungtask. We may still be able to read some of the cached data before closing the fd of /dev/cachefiles. Note that this relies on the patch that adds reference counting to the req, otherwise it may UAF.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40935.html
CVE-2024-40935
https://bugzilla.suse.com/1227797
SUSE Bug 1227797

Описание

In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40937.html
CVE-2024-40937
https://bugzilla.suse.com/1227836
SUSE Bug 1227836
https://bugzilla.suse.com/1227903
SUSE Bug 1227903

Описание

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5_lag_create_port_sel_table(), instead of previously created rules, the tainted pointer is deleted deveral times. Fix this bug by using correct flow rules pointers. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40940.html
CVE-2024-40940
https://bugzilla.suse.com/1227800
SUSE Bug 1227800

Описание

In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 5 PID: 1286325 Comm: kubeletmonit.sh Kdump: loaded Tainted: P Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 RIP: 0010:ima_match_policy+0x84/0x450 Code: 49 89 fc 41 89 cf 31 ed 89 44 24 14 eb 1c 44 39 7b 18 74 26 41 83 ff 05 74 20 48 8b 1b 48 3b 1d f2 b9 f4 00 0f 84 9c 01 00 00 <44> 85 73 10 74 ea 44 8b 6b 14 41 f6 c5 01 75 d4 41 f6 c5 02 74 0f RSP: 0018:ff71570009e07a80 EFLAGS: 00010207 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200 RDX: ffffffffad8dc7c0 RSI: 0000000024924925 RDI: ff3e27850dea2000 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffabfce739 R10: ff3e27810cc42400 R11: 0000000000000000 R12: ff3e2781825ef970 R13: 00000000ff3e2785 R14: 000000000000000c R15: 0000000000000001 FS: 00007f5195b51740(0000) GS:ff3e278b12d40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 0000000626d24002 CR4: 0000000000361ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ima_get_action+0x22/0x30 process_measurement+0xb0/0x830 ? page_add_file_rmap+0x15/0x170 ? alloc_set_pte+0x269/0x4c0 ? prep_new_page+0x81/0x140 ? simple_xattr_get+0x75/0xa0 ? selinux_file_open+0x9d/0xf0 ima_file_check+0x64/0x90 path_openat+0x571/0x1720 do_filp_open+0x9b/0x110 ? page_counter_try_charge+0x57/0xc0 ? files_cgroup_alloc_fd+0x38/0x60 ? __alloc_fd+0xd4/0x250 ? do_sys_open+0x1bd/0x250 do_sys_open+0x1bd/0x250 do_syscall_64+0x5d/0x1d0 entry_SYSCALL_64_after_hwframe+0x65/0xca Commit c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()") introduced call to ima_lsm_copy_rule within a RCU read-side critical section which contains kmalloc with GFP_KERNEL. This implies a possible sleep and violates limitations of RCU read-side critical sections on non-PREEMPT systems. Sleeping within RCU read-side critical section might cause synchronize_rcu() returning early and break RCU protection, allowing a UAF to happen. The root cause of this issue could be described as follows: | Thread A | Thread B | | |ima_match_policy | | | rcu_read_lock | |ima_lsm_update_rule | | | synchronize_rcu | | | | kmalloc(GFP_KERNEL)| | | sleep | ==> synchronize_rcu returns early | kfree(entry) | | | | entry = entry->next| ==> UAF happens and entry now becomes NULL (or could be anything). | | entry->action | ==> Accessing entry might cause panic. To fix this issue, we are converting all kmalloc that is called within RCU read-side critical section to use GFP_ATOMIC. [PM: fixed missing comment, long lines, !CONFIG_IMA_LSM_RULES case]

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40947.html
CVE-2024-40947
https://bugzilla.suse.com/1227803
SUSE Bug 1227803

Описание

In the Linux kernel, the following vulnerability has been resolved: mm/page_table_check: fix crash on ZONE_DEVICE Not all pages may apply to pgtable check. One example is ZONE_DEVICE pages: they map PFNs directly, and they don't allocate page_ext at all even if there's struct page around. One may reference devm_memremap_pages(). When both ZONE_DEVICE and page-table-check enabled, then try to map some dax memories, one can trigger kernel bug constantly now when the kernel was trying to inject some pfn maps on the dax device: kernel BUG at mm/page_table_check.c:55! While it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page fault resolutions, skip all the checks if page_ext doesn't even exist in pgtable checker, which applies to ZONE_DEVICE but maybe more.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40948.html
CVE-2024-40948
https://bugzilla.suse.com/1227801
SUSE Bug 1227801

Описание

In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() Use {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the loads and stores are atomic. In the extremely unlikely scenario the compiler tears the stores, it's theoretically possible for KVM to attempt to get a vCPU using an out-of-bounds index, e.g. if the write is split into multiple 8-bit stores, and is paired with a 32-bit load on a VM with 257 vCPUs: CPU0 CPU1 last_boosted_vcpu = 0xff; (last_boosted_vcpu = 0x100) last_boosted_vcpu[15:8] = 0x01; i = (last_boosted_vcpu = 0x1ff) last_boosted_vcpu[7:0] = 0x00; vcpu = kvm->vcpu_array[0x1ff]; As detected by KCSAN: BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm] write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16: kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:? arch/x86/kvm/vmx/vmx.c:6606) kvm_intel vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890) __x64_sys_ioctl (fs/ioctl.c:890) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4: kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:? arch/x86/kvm/vmx/vmx.c:6606) kvm_intel vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890) __x64_sys_ioctl (fs/ioctl.c:890) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x00000012 -> 0x00000000

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40953.html
CVE-2024-40953
https://bugzilla.suse.com/1227806
SUSE Bug 1227806

Описание

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f] CPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:rt6_probe net/ipv6/route.c:656 [inline] RIP: 0010:find_match+0x8c4/0xf50 net/ipv6/route.c:758 Code: 14 fd f7 48 8b 85 38 ff ff ff 48 c7 45 b0 00 00 00 00 48 8d b8 5c 06 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 19 RSP: 0018:ffffc900034af070 EFLAGS: 00010203 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004521000 RDX: 00000000000000cb RSI: ffffffff8990d0cd RDI: 000000000000065c RBP: ffffc900034af150 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000002 R12: 000000000000000a R13: 1ffff92000695e18 R14: ffff8880244a1d20 R15: 0000000000000000 FS: 00007f4844a5a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b31b27000 CR3: 000000002d42c000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> rt6_nh_find_match+0xfa/0x1a0 net/ipv6/route.c:784 nexthop_for_each_fib6_nh+0x26d/0x4a0 net/ipv4/nexthop.c:1496 __find_rr_leaf+0x6e7/0xe00 net/ipv6/route.c:825 find_rr_leaf net/ipv6/route.c:853 [inline] rt6_select net/ipv6/route.c:897 [inline] fib6_table_lookup+0x57e/0xa30 net/ipv6/route.c:2195 ip6_pol_route+0x1cd/0x1150 net/ipv6/route.c:2231 pol_lookup_func include/net/ip6_fib.h:616 [inline] fib6_rule_lookup+0x386/0x720 net/ipv6/fib6_rules.c:121 ip6_route_output_flags_noref net/ipv6/route.c:2639 [inline] ip6_route_output_flags+0x1d0/0x640 net/ipv6/route.c:2651 ip6_dst_lookup_tail.constprop.0+0x961/0x1760 net/ipv6/ip6_output.c:1147 ip6_dst_lookup_flow+0x99/0x1d0 net/ipv6/ip6_output.c:1250 rawv6_sendmsg+0xdab/0x4340 net/ipv6/raw.c:898 inet_sendmsg+0x119/0x140 net/ipv4/af_inet.c:853 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_write_iter+0x4b8/0x5c0 net/socket.c:1160 new_sync_write fs/read_write.c:497 [inline] vfs_write+0x6b6/0x1140 fs/read_write.c:590 ksys_write+0x1f8/0x260 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40960.html
CVE-2024-40960
https://bugzilla.suse.com/1227813
SUSE Bug 1227813

Описание

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = in6_dev_get(dev); // can be NULL Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 11237 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 RIP: 0010:fib6_nh_init+0x640/0x2160 net/ipv6/route.c:3606 Code: 00 00 fc ff df 4c 8b 64 24 58 48 8b 44 24 28 4c 8b 74 24 30 48 89 c1 48 89 44 24 28 48 8d 98 e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 b3 17 00 00 8b 1b 31 ff 89 de e8 b8 8b RSP: 0018:ffffc900032775a0 EFLAGS: 00010202 RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000000000 RDX: 0000000000000010 RSI: ffffc90003277a54 RDI: ffff88802b3a08d8 RBP: ffffc900032778b0 R08: 00000000000002fc R09: 0000000000000000 R10: 00000000000002fc R11: 0000000000000000 R12: ffff88802b3a08b8 R13: 1ffff9200064eec8 R14: ffffc90003277a00 R15: dffffc0000000000 FS: 00007f940feb06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000245e8000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ip6_route_info_create+0x99e/0x12b0 net/ipv6/route.c:3809 ip6_route_add+0x28/0x160 net/ipv6/route.c:3853 ipv6_route_ioctl+0x588/0x870 net/ipv6/route.c:4483 inet6_ioctl+0x21a/0x280 net/ipv6/af_inet6.c:579 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f940f07cea9

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40961.html
CVE-2024-40961
https://bugzilla.suse.com/1227814
SUSE Bug 1227814

Описание

In the Linux kernel, the following vulnerability has been resolved: tty: add the option to have a tty reject a new ldisc ... and use it to limit the virtual terminals to just N_TTY. They are kind of special, and in particular, the "con_write()" routine violates the "writes cannot sleep" rule that some ldiscs rely on. This avoids the BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659 when N_GSM has been attached to a virtual console, and gsmld_write() calls con_write() while holding a spinlock, and con_write() then tries to get the console lock.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40966.html
CVE-2024-40966
https://bugzilla.suse.com/1227886
SUSE Bug 1227886

Описание

In the Linux kernel, the following vulnerability has been resolved: Avoid hw_desc array overrun in dw-axi-dmac I have a use case where nr_buffers = 3 and in which each descriptor is composed by 3 segments, resulting in the DMA channel descs_allocated to be 9. Since axi_desc_put() handles the hw_desc considering the descs_allocated, this scenario would result in a kernel panic (hw_desc array will be overrun). To fix this, the proposal is to add a new member to the axi_dma_desc structure, where we keep the number of allocated hw_descs (axi_desc_alloc()) and use it in axi_desc_put() to handle the hw_desc array correctly. Additionally I propose to remove the axi_chan_start_first_queued() call after completing the transfer, since it was identified that unbalance can occur (started descriptors can be interrupted and transfer ignored due to DMA channel not being enabled).

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40970.html
CVE-2024-40970
https://bugzilla.suse.com/1227899
SUSE Bug 1227899

Описание

In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking (which acquires locks on other buffers) under the buffer lock. This can even deadlock when the filesystem is corrupted and e.g. quota file is setup to contain xattr block as data block. Move the allocation of EA inode out of ext4_xattr_set_entry() into the callers.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40972.html
CVE-2024-40972
https://bugzilla.suse.com/1227910
SUSE Bug 1227910

Описание

In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the regulator subsystem. If a regulator gets unregistered while there are still drivers holding a reference a WARN() at drivers/regulator/core.c:5829 triggers, e.g.: WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:5829 regulator_unregister Hardware name: Intel Corp. VALLEYVIEW C0 PLATFORM/BYT-T FFD8, BIOS BLADE_21.X64.0005.R00.1504101516 FFD8_X64_R_2015_04_10_1516 04/10/2015 RIP: 0010:regulator_unregister Call Trace: <TASK> regulator_unregister devres_release_group i2c_device_remove device_release_driver_internal bus_remove_device device_del device_unregister x86_android_tablet_remove On the Lenovo Yoga Tablet 2 series the bq24190 charger chip also provides a 5V boost converter output for powering USB devices connected to the micro USB port, the bq24190-charger driver exports this as a Vbus regulator. On the 830 (8") and 1050 ("10") models this regulator is controlled by a platform_device and x86_android_tablet_remove() removes platform_device-s before i2c_clients so the consumer gets removed first. But on the 1380 (13") model there is a lc824206xa micro-USB switch connected over I2C and the extcon driver for that controls the regulator. The bq24190 i2c-client *must* be registered first, because that creates the regulator with the lc824206xa listed as its consumer. If the regulator has not been registered yet the lc824206xa driver will end up getting a dummy regulator. Since in this case both the regulator provider and consumer are I2C devices, the only way to ensure that the consumer is unregistered first is to unregister the I2C devices in reverse order of in which they were created. For consistency and to avoid similar problems in the future change x86_android_tablet_remove() to unregister all device types in reverse order.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40975.html
CVE-2024-40975
https://bugzilla.suse.com/1227926
SUSE Bug 1227926

Описание

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix kernel crash during resume Currently during resume, QMI target memory is not properly handled, resulting in kernel crash in case DMA remap is not supported: BUG: Bad page state in process kworker/u16:54 pfn:36e80 page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80 page dumped because: nonzero _refcount Call Trace: bad_page free_page_is_bad_report __free_pages_ok __free_pages dma_direct_free dma_free_attrs ath12k_qmi_free_target_mem_chunk ath12k_qmi_msg_mem_request_cb The reason is: Once ath12k module is loaded, firmware sends memory request to host. In case DMA remap not supported, ath12k refuses the first request due to failure in allocating with large segment size: ath12k_pci 0000:04:00.0: qmi firmware request memory request ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 7077888 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 8454144 ath12k_pci 0000:04:00.0: qmi dma allocation failed (7077888 B type 1), will try later with small size ath12k_pci 0000:04:00.0: qmi delays mem_request 2 ath12k_pci 0000:04:00.0: qmi firmware request memory request Later firmware comes back with more but small segments and allocation succeeds: ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 262144 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 65536 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 Now ath12k is working. If suspend is triggered, firmware will be reloaded during resume. As same as before, firmware requests two large segments at first. In ath12k_qmi_msg_mem_request_cb() segment count and size are assigned: ab->qmi.mem_seg_count == 2 ab->qmi.target_mem[0].size == 7077888 ab->qmi.target_mem[1].size == 8454144 Then allocation failed like before and ath12k_qmi_free_target_mem_chunk() is called to free all allocated segments. Note the first segment is skipped because its v.addr is cleared due to allocation failure: chunk->v.addr = dma_alloc_coherent() Also note that this leaks that segment because it has not been freed. While freeing the second segment, a size of 8454144 is passed to dma_free_coherent(). However remember that this segment is allocated at the first time firmware is loaded, before suspend. So its real size is 524288, much smaller than 8454144. As a result kernel found we are freeing some memory which is in use and thus cras ---truncated---

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40979.html
CVE-2024-40979
https://bugzilla.suse.com/1227855
SUSE Bug 1227855

Описание

In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() In the following concurrency we will access the uninitialized rs->lock: ext4_fill_super ext4_register_sysfs // sysfs registered msg_ratelimit_interval_ms // Other processes modify rs->interval to // non-zero via msg_ratelimit_interval_ms ext4_orphan_cleanup ext4_msg(sb, KERN_INFO, "Errors on filesystem, " __ext4_msg ___ratelimit(&(EXT4_SB(sb)->s_msg_ratelimit_state) if (!rs->interval) // do nothing if interval is 0 return 1; raw_spin_trylock_irqsave(&rs->lock, flags) raw_spin_trylock(lock) _raw_spin_trylock __raw_spin_trylock spin_acquire(&lock->dep_map, 0, 1, _RET_IP_) lock_acquire __lock_acquire register_lock_class assign_lock_key dump_stack(); ratelimit_state_init(&sbi->s_msg_ratelimit_state, 5 * HZ, 10); raw_spin_lock_init(&rs->lock); // init rs->lock here and get the following dump_stack: ========================================================= INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 12 PID: 753 Comm: mount Tainted: G E 6.7.0-rc6-next-20231222 #504 [...] Call Trace: dump_stack_lvl+0xc5/0x170 dump_stack+0x18/0x30 register_lock_class+0x740/0x7c0 __lock_acquire+0x69/0x13a0 lock_acquire+0x120/0x450 _raw_spin_trylock+0x98/0xd0 ___ratelimit+0xf6/0x220 __ext4_msg+0x7f/0x160 [ext4] ext4_orphan_cleanup+0x665/0x740 [ext4] __ext4_fill_super+0x21ea/0x2b10 [ext4] ext4_fill_super+0x14d/0x360 [ext4] [...] ========================================================= Normally interval is 0 until s_msg_ratelimit_state is initialized, so ___ratelimit() does nothing. But registering sysfs precedes initializing rs->lock, so it is possible to change rs->interval to a non-zero value via the msg_ratelimit_interval_ms interface of sysfs while rs->lock is uninitialized, and then a call to ext4_msg triggers the problem by accessing an uninitialized rs->lock. Therefore register sysfs after all initializations are complete to avoid such problems.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40998.html
CVE-2024-40998
https://bugzilla.suse.com/1227866
SUSE Bug 1227866

Описание

In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that `first` flag is set only for the first descriptor in multi-buffer packets. In case of an invalid descriptor, a reset will occur. A new reset reason for RX data corruption has been added.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-40999.html
CVE-2024-40999
https://bugzilla.suse.com/1227913
SUSE Bug 1227913

Описание

In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nr_heartbeat_expiry() syzbot reported a memory leak in nr_create() [0]. Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag. But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() function has been called. So it makes no sense to hold the reference count because no one will call another nr_destroy_socket() and put it as in the case "b." nr_connect nr_establish_data_link nr_start_heartbeat nr_release switch (nr->state) case NR_STATE_3 nr->state = NR_STATE_2 sock_set_flag(sk, SOCK_DESTROY); nr_rx_frame nr_process_rx_frame switch (nr->state) case NR_STATE_2 nr_state2_machine() nr_disconnect() nr_sk(sk)->state = NR_STATE_0 sock_set_flag(sk, SOCK_DEAD) nr_heartbeat_expiry switch (nr->state) case NR_STATE_0 if (sock_flag(sk, SOCK_DESTROY) || (sk->sk_state == TCP_LISTEN && sock_flag(sk, SOCK_DEAD))) sock_hold() // ( !!! ) nr_destroy_socket() To fix the memory leak, let's call sock_hold() only for a listening socket. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with Syzkaller. [0]: https://syzkaller.appspot.com/bug?extid=d327a1f3b12e1e206c16

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41006.html
CVE-2024-41006
https://bugzilla.suse.com/1227862
SUSE Bug 1227862

Описание

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41011.html
CVE-2024-41011
https://bugzilla.suse.com/1228114
SUSE Bug 1228114
https://bugzilla.suse.com/1228115
SUSE Bug 1228115

Описание

In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start offset of the dup and dep is within the range. So in a crafted image, if last entry is xfs_dir2_data_unused, we can change dup->length to dup->length-1 and leave 1 byte of space. In the next traversal, this space will be considered as dup or dep. We may encounter an out of bound read when accessing the fixed members. In the patch, we make sure that the remaining bytes large enough to hold an unused entry before accessing xfs_dir2_data_unused and xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make sure that the remaining bytes large enough to hold a dirent with a single-byte name before accessing xfs_dir2_data_entry.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41013.html
CVE-2024-41013
https://bugzilla.suse.com/1228405
SUSE Bug 1228405

Описание

In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of bounds read by following these steps: 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ensure that tail_blk and head_blk are the same, which will result in the inability to enter xlog_recover_process_data 3) Write a tool to parse and modify the copied image in step 2 4) Make the end of the xlog_op_header entries only 1 byte away from xlog_rec_header->h_size 5) xlog_rec_header->h_num_logops++ 6) Modify xlog_rec_header->h_crc Fix: Add a check to make sure there is sufficient space to access fixed members of xlog_op_header.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41014.html
CVE-2024-41014
https://bugzilla.suse.com/1228408
SUSE Bug 1228408

Описание

In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist.

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41017.html
CVE-2024-41017
https://bugzilla.suse.com/1228403
SUSE Bug 1228403

Описание

In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tap_get_user_xdp()-->skb_set_network_header() may assume the size is more than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tap_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted. This is to drop any frame shorter than the Ethernet header size just like how tap_get_user() does. CVE: CVE-2024-41090

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41090.html
CVE-2024-41090
https://bugzilla.suse.com/1228328
SUSE Bug 1228328
https://bugzilla.suse.com/1228714
SUSE Bug 1228714

Описание

In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tun_xdp_one-->eth_type_trans() may access the Ethernet header although it can be less than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tun_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted for IFF_TAP. This is to drop any frame shorter than the Ethernet header size just like how tun_get_user() does. CVE: CVE-2024-41091

Затронутые продукты

Container bci/bci-sle15-kernel-module-devel:latest:kernel-default-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-devel-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-macros-6.4.0-150600.23.17.1

Container bci/bci-sle15-kernel-module-devel:latest:kernel-syms-6.4.0-150600.23.17.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41091.html
CVE-2024-41091
https://bugzilla.suse.com/1228327
SUSE Bug 1228327

SUSE-SU-2024:2802-1

Описание

Список пакетов

Container bci/bci-sle15-kernel-module-devel:latest

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

Image SLES15-SP6

Image SLES15-SP6-BYOS

Image SLES15-SP6-BYOS-Azure

Image SLES15-SP6-BYOS-EC2

Image SLES15-SP6-BYOS-GCE

Image SLES15-SP6-CHOST-BYOS

Image SLES15-SP6-CHOST-BYOS-Aliyun

Image SLES15-SP6-CHOST-BYOS-Azure

Image SLES15-SP6-CHOST-BYOS-EC2

Image SLES15-SP6-CHOST-BYOS-GCE

Image SLES15-SP6-CHOST-BYOS-GDC

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

Image SLES15-SP6-EC2

Image SLES15-SP6-EC2-ECS-HVM

Image SLES15-SP6-GCE

Image SLES15-SP6-HPC-BYOS

Image SLES15-SP6-HPC-BYOS-Azure

Image SLES15-SP6-HPC-BYOS-EC2

Image SLES15-SP6-HPC-BYOS-GCE

Image SLES15-SP6-HPC-EC2

Image SLES15-SP6-HPC-GCE

Image SLES15-SP6-Hardened-BYOS

Image SLES15-SP6-Hardened-BYOS-Azure

Image SLES15-SP6-Hardened-BYOS-EC2

Image SLES15-SP6-Hardened-BYOS-GCE

Image SLES15-SP6-SAP

Image SLES15-SP6-SAP-Azure

Image SLES15-SP6-SAP-Azure-LI-BYOS

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

Image SLES15-SP6-SAP-Azure-VLI-BYOS

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP6-SAP-BYOS

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-BYOS-EC2

Image SLES15-SP6-SAP-BYOS-GCE

Image SLES15-SP6-SAP-EC2

Image SLES15-SP6-SAP-GCE

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP6-SAP-Hardened-GCE

Image SLES15-SP6-SAPCAL

Image SLES15-SP6-SAPCAL-Azure

Image SLES15-SP6-SAPCAL-EC2

Image SLES15-SP6-SAPCAL-GCE

SUSE Linux Enterprise High Availability Extension 15 SP6

SUSE Linux Enterprise Live Patching 15 SP6

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Development Tools 15 SP6

SUSE Linux Enterprise Module for Legacy 15 SP6

SUSE Linux Enterprise Workstation Extension 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2023-38417

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-47210

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-51780

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-52435

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-52472

Описание