SUSE 5149 Published by

The following updates are available for openSUSE and SUSE Linux Enterprise:

SUSE-SU-2024:1497-1: important: Security update for skopeo
SUSE-SU-2024:1480-1: important: Security update for the Linux Kernel
SUSE-SU-2024:1475-1: important: Security update for frr
SUSE-SU-2024:1468-1: important: Security update for ffmpeg
SUSE-SU-2024:1470-1: important: Security update for ffmpeg-4
SUSE-SU-2024:1466-1: important: Security update for the Linux Kernel
SUSE-SU-2024:1451-1: low: Security update for java-1_8_0-openjdk
SUSE-SU-2024:1453-1: important: Security update for frr
SUSE-SU-2024:1447-1: moderate: Security update for openCryptoki




SUSE-SU-2024:1497-1: important: Security update for skopeo


# Security update for skopeo

Announcement ID: SUSE-SU-2024:1497-1
Rating: important
References:

* bsc#1215611
* bsc#1219563

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has two security fixes can now be installed.

## Description:

This update for skopeo fixes the following issues:

* Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes
bsc#1219563)

* Update to version 1.14.1:

* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev

* Update to version 1.14.0:

* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible
[security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to
v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure
notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from
IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted
SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0

* Bump go version to 1.21 (bsc#1215611)

* Update to version 1.13.2:

* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev

* Update to version 1.13.1:

* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating
downstream spec
* [release-1.13] Bump to v1.13.1-dev

* Update to version 1.13.0:

* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1497=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1497=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1497=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1497=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1497=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1497=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1497=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1497=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1497=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1497=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1497=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1497=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1497=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1497=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1497=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1497=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* openSUSE Leap 15.3 (noarch)
* skopeo-zsh-completion-1.14.2-150300.11.8.1
* skopeo-bash-completion-1.14.2-150300.11.8.1
* skopeo-fish-completion-1.14.2-150300.11.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Manager Proxy 4.3 (x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215611
* https://bugzilla.suse.com/show_bug.cgi?id=1219563



SUSE-SU-2024:1480-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:1480-1
Rating: important
References:

* bsc#1194869
* bsc#1200465
* bsc#1205316
* bsc#1207948
* bsc#1209635
* bsc#1209657
* bsc#1212514
* bsc#1213456
* bsc#1214852
* bsc#1215221
* bsc#1215322
* bsc#1217339
* bsc#1217829
* bsc#1217959
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218321
* bsc#1218336
* bsc#1218479
* bsc#1218562
* bsc#1218643
* bsc#1218777
* bsc#1219169
* bsc#1219170
* bsc#1219264
* bsc#1219443
* bsc#1219834
* bsc#1220114
* bsc#1220176
* bsc#1220237
* bsc#1220251
* bsc#1220320
* bsc#1220325
* bsc#1220328
* bsc#1220337
* bsc#1220340
* bsc#1220365
* bsc#1220366
* bsc#1220393
* bsc#1220398
* bsc#1220411
* bsc#1220413
* bsc#1220433
* bsc#1220439
* bsc#1220443
* bsc#1220445
* bsc#1220466
* bsc#1220469
* bsc#1220478
* bsc#1220482
* bsc#1220484
* bsc#1220486
* bsc#1220487
* bsc#1220492
* bsc#1220703
* bsc#1220735
* bsc#1220736
* bsc#1220775
* bsc#1220790
* bsc#1220797
* bsc#1220831
* bsc#1220833
* bsc#1220836
* bsc#1220839
* bsc#1220840
* bsc#1220843
* bsc#1220845
* bsc#1220848
* bsc#1220870
* bsc#1220871
* bsc#1220872
* bsc#1220878
* bsc#1220879
* bsc#1220883
* bsc#1220885
* bsc#1220887
* bsc#1220898
* bsc#1220917
* bsc#1220918
* bsc#1220920
* bsc#1220921
* bsc#1220926
* bsc#1220927
* bsc#1220929
* bsc#1220930
* bsc#1220931
* bsc#1220932
* bsc#1220933
* bsc#1220937
* bsc#1220938
* bsc#1220940
* bsc#1220954
* bsc#1220955
* bsc#1220959
* bsc#1220960
* bsc#1220961
* bsc#1220965
* bsc#1220969
* bsc#1220978
* bsc#1220979
* bsc#1220981
* bsc#1220982
* bsc#1220983
* bsc#1220985
* bsc#1220986
* bsc#1220987
* bsc#1220989
* bsc#1220990
* bsc#1221009
* bsc#1221012
* bsc#1221015
* bsc#1221022
* bsc#1221039
* bsc#1221040
* bsc#1221044
* bsc#1221045
* bsc#1221046
* bsc#1221048
* bsc#1221055
* bsc#1221056
* bsc#1221058
* bsc#1221060
* bsc#1221061
* bsc#1221062
* bsc#1221066
* bsc#1221067
* bsc#1221068
* bsc#1221069
* bsc#1221070
* bsc#1221071
* bsc#1221077
* bsc#1221082
* bsc#1221090
* bsc#1221097
* bsc#1221156
* bsc#1221252
* bsc#1221273
* bsc#1221274
* bsc#1221276
* bsc#1221277
* bsc#1221291
* bsc#1221293
* bsc#1221298
* bsc#1221337
* bsc#1221338
* bsc#1221375
* bsc#1221379
* bsc#1221551
* bsc#1221553
* bsc#1221613
* bsc#1221614
* bsc#1221616
* bsc#1221618
* bsc#1221631
* bsc#1221633
* bsc#1221713
* bsc#1221725
* bsc#1221777
* bsc#1221814
* bsc#1221816
* bsc#1221830
* bsc#1221951
* bsc#1222033
* bsc#1222056
* bsc#1222060
* bsc#1222070
* bsc#1222073
* bsc#1222117
* bsc#1222274
* bsc#1222291
* bsc#1222300
* bsc#1222304
* bsc#1222317
* bsc#1222331
* bsc#1222355
* bsc#1222356
* bsc#1222360
* bsc#1222366
* bsc#1222373
* bsc#1222619
* bsc#1222952
* jsc#PED-5759
* jsc#PED-7167
* jsc#PED-7618
* jsc#PED-7619

Cross-References:

* CVE-2021-46925
* CVE-2021-46926
* CVE-2021-46927
* CVE-2021-46929
* CVE-2021-46930
* CVE-2021-46931
* CVE-2021-46933
* CVE-2021-46934
* CVE-2021-46936
* CVE-2021-47082
* CVE-2021-47083
* CVE-2021-47087
* CVE-2021-47091
* CVE-2021-47093
* CVE-2021-47094
* CVE-2021-47095
* CVE-2021-47096
* CVE-2021-47097
* CVE-2021-47098
* CVE-2021-47099
* CVE-2021-47100
* CVE-2021-47101
* CVE-2021-47102
* CVE-2021-47104
* CVE-2021-47105
* CVE-2021-47107
* CVE-2021-47108
* CVE-2022-4744
* CVE-2022-48626
* CVE-2022-48627
* CVE-2022-48628
* CVE-2022-48629
* CVE-2022-48630
* CVE-2023-0160
* CVE-2023-28746
* CVE-2023-35827
* CVE-2023-4881
* CVE-2023-52447
* CVE-2023-52450
* CVE-2023-52453
* CVE-2023-52454
* CVE-2023-52462
* CVE-2023-52463
* CVE-2023-52467
* CVE-2023-52469
* CVE-2023-52470
* CVE-2023-52474
* CVE-2023-52476
* CVE-2023-52477
* CVE-2023-52481
* CVE-2023-52482
* CVE-2023-52484
* CVE-2023-52486
* CVE-2023-52492
* CVE-2023-52493
* CVE-2023-52494
* CVE-2023-52497
* CVE-2023-52500
* CVE-2023-52501
* CVE-2023-52502
* CVE-2023-52504
* CVE-2023-52507
* CVE-2023-52508
* CVE-2023-52509
* CVE-2023-52510
* CVE-2023-52511
* CVE-2023-52513
* CVE-2023-52515
* CVE-2023-52517
* CVE-2023-52518
* CVE-2023-52519
* CVE-2023-52520
* CVE-2023-52523
* CVE-2023-52524
* CVE-2023-52525
* CVE-2023-52528
* CVE-2023-52529
* CVE-2023-52530
* CVE-2023-52531
* CVE-2023-52532
* CVE-2023-52559
* CVE-2023-52563
* CVE-2023-52564
* CVE-2023-52566
* CVE-2023-52567
* CVE-2023-52569
* CVE-2023-52574
* CVE-2023-52575
* CVE-2023-52576
* CVE-2023-52582
* CVE-2023-52583
* CVE-2023-52587
* CVE-2023-52591
* CVE-2023-52594
* CVE-2023-52595
* CVE-2023-52597
* CVE-2023-52598
* CVE-2023-52599
* CVE-2023-52600
* CVE-2023-52601
* CVE-2023-52602
* CVE-2023-52603
* CVE-2023-52604
* CVE-2023-52605
* CVE-2023-52606
* CVE-2023-52607
* CVE-2023-52608
* CVE-2023-52612
* CVE-2023-52615
* CVE-2023-52617
* CVE-2023-52619
* CVE-2023-52621
* CVE-2023-52623
* CVE-2023-52628
* CVE-2023-52632
* CVE-2023-52637
* CVE-2023-52639
* CVE-2023-6270
* CVE-2023-6356
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-7042
* CVE-2023-7192
* CVE-2024-0841
* CVE-2024-2201
* CVE-2024-22099
* CVE-2024-23307
* CVE-2024-25739
* CVE-2024-25742
* CVE-2024-25743
* CVE-2024-26599
* CVE-2024-26600
* CVE-2024-26602
* CVE-2024-26607
* CVE-2024-26612
* CVE-2024-26614
* CVE-2024-26620
* CVE-2024-26627
* CVE-2024-26629
* CVE-2024-26642
* CVE-2024-26645
* CVE-2024-26646
* CVE-2024-26651
* CVE-2024-26654
* CVE-2024-26659
* CVE-2024-26664
* CVE-2024-26667
* CVE-2024-26670
* CVE-2024-26695
* CVE-2024-26717

CVSS scores:

* CVE-2021-46925 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46925 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46926 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46927 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46927 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46930 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46933 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-46933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46934 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46934 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-46936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46936 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47082 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47083 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2021-47087 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47091 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47093 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47094 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47096 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47097 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47099 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47100 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47101 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47102 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47104 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47107 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47108 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48626 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48626 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48628 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2022-48629 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48630 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0160 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-52447 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52447 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52450 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52450 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52454 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52462 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-52462 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52463 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52467 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52467 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52469 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52469 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52470 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52470 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52474 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-52474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52476 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52477 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-52484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52486 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52493 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52494 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52497 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52500 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-52501 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52504 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52507 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-52508 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52509 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52510 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52511 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52513 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52517 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52518 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52519 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52520 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52524 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52525 ( SUSE ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-52528 ( SUSE ): 3.5 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52529 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52559 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52563 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52564 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52566 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52567 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-52569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52575 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52576 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52582 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52587 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52594 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52595 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-52598 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52606 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52607 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52608 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52612 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52615 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52617 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52619 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52621 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52623 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52628 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52637 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52639 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-2201 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-22099 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-25739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25742 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-25743 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-26599 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-26599 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26600 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26602 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26607 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26612 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26627 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26629 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26642 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26646 ( SUSE ): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-26651 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26654 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26659 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26664 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26667 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26717 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5

An update that solves 150 vulnerabilities, contains four features and has 32
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
bugfixes.

The following security bugs were fixed:

* CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
* CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-
acpi (bsc#1220478).
* CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use
get_user_pages_unlocked() (bsc#1220443).
* CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump()
(bsc#1220482).
* CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
* CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq()
(bsc#1220486).
* CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
* CVE-2021-46934: Fixed a bug by validating user data in compat ioctl
(bsc#1220469).
* CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
* CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
* CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek:
(bsc#1220917).
* CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
* CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path
(bsc#1220959).
* CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core
(bsc#1220978).
* CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
* CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
* CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi
(bsc#1220981).
* CVE-2021-47097: Fixed stack out of bound access in
elantech_change_report_id() (bsc#1220982).
* CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations
hwmon: (lm90) (bsc#1220983).
* CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are
cloned (bsc#1220955).
* CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
* CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
* CVE-2021-47102: Fixed incorrect structure access In line: upper =
info->upper_dev in net/marvell/prestera (bsc#1221009).
* CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts()
(bsc#1220960).
* CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
* CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
* CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in
drm/mediatek (bsc#1220986).
* CVE-2022-4744: Fixed double-free that could lead to DoS or privilege
escalation in TUN/TAP device driver functionality (bsc#1209635).
* CVE-2022-48626: Fixed a potential use-after-free on remove path moxart
(bsc#1220366).
* CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer
(bsc#1220845).
* CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
* CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
* CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in
crypto: qcom-rng (bsc#1220990).
* CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to
potentially crash the system (bsc#1209657).
* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work()
(bsc#1212514).
* CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem
that could lead to potential information disclosure or a denial of service
(bsc#1215221).
* CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
(bsc#1220251).
* CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology()
(bsc#1220237).
* CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
* CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU
length (bsc#1220320).
* CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer
(bsc#1220325).
* CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
* CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register
(bsc#1220433).
* CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table
(bsc#1220411).
* CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
* CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec
user SDMA requests (bsc#1220445).
* CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI
during vsyscall (bsc#1220703).
* CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors
(bsc#1220790).
* CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520
(bsc#1220887).
* CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors
(bsc#1220735).
* CVE-2023-52484: Fixed a soft lockup triggered by
arm_smmu_mm_invalidate_range (bsc#1220797).
* CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
* CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration
function __dma_async_device_channel_register() (bsc#1221276).
* CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
* CVE-2023-52494: Fixed missing alignment check for event ring read pointer in
bus/mhi/host (bsc#1221273).
* CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
* CVE-2023-52500: Fixed information leaking when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
* CVE-2023-52501: Fixed possible memory corruption in ring-buffer
(bsc#1220885).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220831).
* CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a
5-level paging machine (bsc#1221553).
* CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
* CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid()
(bsc#1221015).
* CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work()
(bsc#1220836).
* CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
* CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
* CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
* CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
* CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO
drain in spi/sun6i (bsc#1221055).
* CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
* CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc
(bsc#1220920).
* CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi
(bsc#1220921).
* CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf
(bsc#1220926).
* CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
* CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet()
(bsc#1220840).
* CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg()
(bsc#1220843).
* CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
* CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
(bsc#1220930).
* CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
* CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
* CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend
(bsc#1220933).
* CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson
(bsc#1220937).
* CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux()
(bsc#1220938).
* CVE-2023-52566: Fixed potential use after free in
nilfs_gccache_submit_read_data() (bsc#1220940).
* CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ
polling (irq = 0) (bsc#1220839).
* CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to
insert delayed dir index item (bsc#1220918).
* CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
* CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off
(bsc#1220871).
* CVE-2023-52576: Fixed potential use after free in memblock_isolate_range()
(bsc#1220872).
* CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
* CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph
(bsc#1221058).
* CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
* CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via
directory renaming (bsc#1221044).
* CVE-2023-52594: Fixed potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (bsc#1221045).
* CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
* CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
* CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace
(bsc#1221060).
* CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs
(bsc#1221062).
* CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
* CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs
(bsc#1221068).
* CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs
(bsc#1221070).
* CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot()
(bsc#1221066).
* CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree()
(bsc#1221067).
* CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
* CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib
(bsc#1221069).
* CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add
kasprintf() (bsc#1221061).
* CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi
(bsc#1221375).
* CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp
(bsc#1221616).
* CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
* CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove
(bsc#1221613).
* CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd
number in pstore/ram (bsc#1221618).
* CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
* CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
* CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
* CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd
(bsc#1222274).
* CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939
(bsc#1222291).
* CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed
(bsc#1222300).
* CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
(bsc#1218562).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-7042: Fixed a null-pointer-dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
* CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in
net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
* CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super
function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
* CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
* CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
(bsc#1219170).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1219169).
* CVE-2024-25739: Fixed possible crash in create_empty_lvol() in
drivers/mtd/ubi/vtbl.c (bsc#1219834).
* CVE-2024-25742: Fixed insufficient validation during #VC instruction
emulation in x86/sev (bsc#1221725).
* CVE-2024-25743: Fixed insufficient validation during #VC instruction
emulation in x86/sev (bsc#1221725).
* CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate()
(bsc#1220365).
* CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2
(bsc#1220340).
* CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
* CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
* CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences
(bsc#1221291).
* CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks
(bsc#1221293).
* CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap
(bsc#1221298).
* CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
* CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in
nfsd (bsc#1221379).
* CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter
nf_tables (bsc#1221830).
* CVE-2024-26645: Fixed missing visibility when inserting an element into
tracing_map (bsc#1222056).
* CVE-2024-26646: Fixed potential memory corruption when resuming from suspend
or hibernation in thermal/intel/hfi (bsc#1222070).
* CVE-2024-26651: Fixed possible oops via malicious devices in sr9800
(bsc#1221337).
* CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
* CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun
events in xhci (bsc#1222317).
* CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in
hwmon coretemp (bsc#1222355).
* CVE-2024-26667: Fixed null pointer reference in
dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
* CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in
kernel arm64 (bsc#1222356).
* CVE-2024-26695: Fixed null pointer dereference in
__sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
* CVE-2024-26717: Fixed null pointer dereference on failed power up in HID
i2c-hid-of (bsc#1222360).

The following non-security bugs were fixed:

* acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-
fixes).
* acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-
fixes).
* acpi: resource: Add Infinity laptops to irq1_edge_low_force_override
(stable-fixes).
* acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-
fixes).
* acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
* acpi: scan: Fix device check notification handling (git-fixes).
* acpica: debugger: check status of acpi_evaluate_object() in
acpi_db_walk_for_fields() (git-fixes).
* alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
* alsa: aoa: avoid false-positive format truncation warning (git-fixes).
* alsa: aw2: avoid casting function pointers (git-fixes).
* alsa: ctxfi: avoid casting function pointers (git-fixes).
* alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-
fixes).
* alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-
fixes).
* alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897
platform (git-fixes).
* alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
* alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
microphone (git-fixes).
* alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
* alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
* alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
* alsa: seq: fix function cast warnings (git-fixes).
* alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
* alsa: usb-audio: Stop parsing channels bits when all channels are found
(git-fixes).
* arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes)
* arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
* arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-
fixes)
* arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes)
* arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes)
* arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes)
* arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes)
* arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
* arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
* arm64: mm: fix va-range sanity check (git-fixes)
* arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
* asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
(stable-fixes).
* asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
* asoc: amd: acp: fix for acp_init function error handling (git-fixes).
* asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
* asoc: meson: Use dev_err_probe() helper (stable-fixes).
* asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
* asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
* asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
* asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
* asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
* asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
* asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
* asoc: rt5682-sdw: fix locking sequence (git-fixes).
* asoc: rt711-sdca: fix locking sequence (git-fixes).
* asoc: rt711-sdw: fix locking sequence (git-fixes).
* asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-
fixes).
* asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
* asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-
fixes).
* ata: sata_mv: fix pci device id table declaration compilation warning (git-
fixes).
* ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
* backlight: da9052: fully initialize backlight_properties during probe (git-
fixes).
* backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-
fixes).
* backlight: lm3630a: initialize backlight_properties on init (git-fixes).
* backlight: lm3639: fully initialize backlight_properties during probe (git-
fixes).
* backlight: lp8788: fully initialize backlight_properties during probe (git-
fixes).
* blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes).
* bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
* bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
* bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
* bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
* bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-
fixes).
* bpf, scripts: correct gpl license name (git-fixes).
* bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
* can: softing: remove redundant null check (git-fixes).
* clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-
fixes).
* comedi: comedi_test: prevent timers rescheduling during deletion (git-
fixes).
* coresight: etm4x: do not access trcidr1 for identification (bsc#1220775)
* coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775)
* coresight: etm: override trcidr3.ccitmin on errata affected cpus
(bsc#1220775)
* cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf()
(git-fixes).
* cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
(git-fixes).
* crypto: arm/sha - fix function cast warnings (git-fixes).
* crypto: qat - avoid division by zero (git-fixes).
* crypto: qat - fix deadlock in backlog processing (git-fixes).
* crypto: qat - fix double free during reset (git-fixes).
* crypto: qat - fix state machines cleanup paths (bsc#1218321).
* crypto: qat - fix unregistration of compression algorithms (git-fixes).
* crypto: qat - fix unregistration of crypto algorithms (git-fixes).
* crypto: qat - ignore subsequent state up commands (git-fixes).
* crypto: qat - increase size of buffers (git-fixes).
* crypto: qat - resolve race condition during aer recovery (git-fixes).
* crypto: xilinx - call finalize with bh disabled (git-fixes).
* doc-guide: kernel-doc: tell about object-like macros (git-fixes).
* doc/readme.suse: update information about module support status
(jsc#ped-5759)
* drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
memory (git-fixes).
* drm/amd/display: add fams validation before trying to use it (git-fixes).
* drm/amd/display: add fb_damage_clips support (git-fixes).
* drm/amd/display: add function for validate and update new stream (git-
fixes).
* drm/amd/display: add odm case when looking for first split pipe (git-fixes).
* drm/amd/display: always switch off odm before committing more streams (git-
fixes).
* drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes).
* drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-
fixes).
* drm/amd/display: check if link state is valid (git-fixes).
* drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-
fixes).
* drm/amd/display: copy dc context in the commit streams (git-fixes).
* drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
* drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes).
* drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes).
* drm/amd/display: enable new commit sequence only for dcn32x (git-fixes).
* drm/amd/display: ensure async flips are only accepted for fast updates (git-
fixes).
* drm/amd/display: exit idle optimizations before attempt to access phy (git-
fixes).
* drm/amd/display: expand kernel doc for dc (git-fixes).
* drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes).
* drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer()
(git-fixes).
* drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
(git-fixes).
* drm/amd/display: fix abm disablement (git-fixes).
* drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
* drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes).
* drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
* drm/amd/display: fix possible underflow for displays with large vblank (git-
fixes).
* drm/amd/display: fix the delta clamping for shaper lut (git-fixes).
* drm/amd/display: fix unbounded requesting for high pixel rate modes on
dcn315 (git-fixes).
* drm/amd/display: fix underflow issue on 175hz timing (git-fixes).
* drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-
fixes).
* drm/amd/display: guard against invalid rptr/wptr being set (git-fixes).
* drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-
fixes).
* drm/amd/display: handle range offsets in vrr ranges (stable-fixes).
* drm/amd/display: handle seamless boot stream (git-fixes).
* drm/amd/display: handle virtual hardware detect (git-fixes).
* drm/amd/display: include surface of unaffected streams (git-fixes).
* drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes).
* drm/amd/display: increase frame warning limit with kasan or kcsan in dml
(git-fixes).
* drm/amd/display: keep phy active for dp config (git-fixes).
* drm/amd/display: perform a bounds check before filling dirty rectangles
(git-fixes).
* drm/amd/display: prevent vtotal from being set to 0 (git-fixes).
* drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes).
* drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes).
* drm/amd/display: return the correct hdcp error code (stable-fixes).
* drm/amd/display: revert vblank change that causes null pointer crash (git-
fixes).
* drm/amd/display: rework comments on dc file (git-fixes).
* drm/amd/display: rework context change check (git-fixes).
* drm/amd/display: set minimum requirement for using psr-su on phoenix (git-
fixes).
* drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-
fixes).
* drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
* drm/amd/display: update correct dcn314 register header (git-fixes).
* drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
* drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-
fixes).
* drm/amd/display: update otg instance in the commit stream (git-fixes).
* drm/amd/display: use dram speed from validation for dummy p-state (git-
fixes).
* drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes).
* drm/amd/display: use low clocks for no plane configs (git-fixes).
* drm/amd/display: use min transition for all subvp plane add/remove (git-
fixes).
* drm/amd/display: write to correct dirty_rect (git-fixes).
* drm/amd/display: wrong colorimetry workaround (git-fixes).
* drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
* drm/amd/pm: fix error of maco flag setting code (git-fixes).
* drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock
(git-fixes).
* drm/amd: enable pcie pme from d3 (git-fixes).
* drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes).
* drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
* drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
* drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
* drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
* drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-
fixes).
* drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int()
(git-fixes).
* drm/amdgpu: force order between a read and write to the same address (git-
fixes).
* drm/amdgpu: lower cs errors to debug severity (git-fixes).
* drm/amdgpu: match against exact bootloader status (git-fixes).
* drm/amdgpu: unset context priority is now invalid (git-fixes).
* drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
* drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes).
* drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes).
* drm/display: fix typo (git-fixes).
* drm/edid: add quirk for osvr hdk 2.0 (git-fixes).
* drm/etnaviv: restore some id values (git-fixes).
* drm/exynos: do not return negative values from .get_modes() (stable-fixes).
* drm/exynos: fix a possible null-pointer dereference due to data race in
exynos_drm_crtc_atomic_disable() (git-fixes).
* drm/i915/bios: tolerate devdata==null in
intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
* drm/i915/gt: do not generate the command streamer for all the ccs (git-
fixes).
* drm/i915/gt: reset queue_priority_hint on parking (git-fixes).
* drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes).
* drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes).
* drm/i915: add missing ccs documentation (git-fixes).
* drm/i915: call intel_pre_plane_updates() also for pipes getting enabled
(git-fixes).
* drm/i915: check before removing mm notifier (git-fixes).
* drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
* drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes).
* drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip
(git-fixes).
* drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
* drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes).
* drm/msm/dpu: improve dsc allocation (git-fixes).
* drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-
fixes).
* drm/panel-edp: use put_sync in unprepare (git-fixes).
* drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes).
* drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes).
* drm/panel: do not return negative error codes from drm_panel_get_modes()
(stable-fixes).
* drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-
fixes).
* drm/panfrost: fix power transition timeout warnings (git-fixes).
* drm/probe-helper: warn about negative .get_modes() (stable-fixes).
* drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-
fixes).
* drm/qxl: remove unused variable from `qxl_process_single_command()` (git-
fixes).
* drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-
fixes).
* drm/radeon/ni_dpm: remove redundant null check (git-fixes).
* drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
* drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes).
* drm/rockchip: inno_hdmi: fix video timing (git-fixes).
* drm/rockchip: lvds: do not overwrite error code (git-fixes).
* drm/rockchip: lvds: do not print scary message when probing defer (git-
fixes).
* drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-
fixes).
* drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes).
* drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path
of tegra_dsi_probe() (git-fixes).
* drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-
fixes).
* drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-
fixes).
* drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes).
* drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-
fixes).
* drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths
of tegra_output_probe() (git-fixes).
* drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
* drm/tegra: rgb: fix missing clk_put() in the error handling paths of
tegra_dc_rgb_probe() (git-fixes).
* drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-
fixes).
* drm/tidss: fix initial plane zpos values (git-fixes).
* drm/tidss: fix sync-lost issue with two displays (git-fixes).
* drm/ttm: do not leak a resource on eviction error (git-fixes).
* drm/ttm: do not print error message if eviction was interrupted (git-fixes).
* drm/vc4: add module dependency on hdmi-codec (git-fixes).
* drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-
fixes).
* drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
* drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-
fixes).
* drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
* drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes).
* drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017)
(git-fixes).
* firewire: core: use long bus reset on gap count error (stable-fixes).
* fix "coresight: etm4x: Change etm4_platform_driver driver for MMIO devices"
(bsc#1220775)
* hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
* hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
* hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-
fixes).
* hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-
fixes).
* hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-
fixes).
* hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-
fixes).
* i2c: aspeed: fix the dummy irq expected print (git-fixes).
* i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-
fixes).
* i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes).
* ib/ipoib: Fix mcast list locking (git-fixes)
* iio: dummy_evgen: remove excess kernel-doc comments (git-fixes).
* iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes).
* input: gpio_keys_polled - suppress deferred probe error for gpio (stable-
fixes).
* input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
* input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
* input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
* input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
* input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
* input: pm8941-pwrkey - add software key press debouncing support (git-
fixes).
* input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
* input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
* input: xpad - add Lenovo Legion Go controllers (git-fixes).
* iommu/amd: mark interrupt as managed (git-fixes).
* iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes).
* iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-
fixes).
* iommu/mediatek: fix forever loop in error handling (git-fixes).
* iommu/vt-d: allow to use flush-queue when first level is default (git-
fixes).
* iommu/vt-d: do not issue ats invalidation request when device is
disconnected (git-fixes).
* iommu/vt-d: fix pasid directory pointer coherency (git-fixes).
* iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes).
* kabi: pci: add locking to rmw pci express capability register accessors
(kabi).
* kconfig: fix infinite loop when expanding a macro at the end of file (git-
fixes).
* kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
* lan78xx: enable auto speed configuration for lan7850 if no eeprom is
detected (git-commit).
* leds: aw2013: unlock mutex before destroying it (git-fixes).
* lib/cmdline: fix an invalid format specifier in an assertion msg (git-
fixes).
* make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
* md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
* md/raid5: release batch_last before waiting for another stripe_head (git-
fixes).
* md/raid6: use valid sector values to determine if an i/o should wait on the
reshape (git-fixes).
* md: do not ignore suspended array in md_check_recovery() (git-fixes).
* md: do not leave 'md_recovery_frozen' in error path of md_set_readonly()
(git-fixes).
* md: fix data corruption for raid456 when reshape restart while grow up (git-
fixes).
* md: introduce md_ro_state (git-fixes).
* md: make sure md_do_sync() will set md_recovery_done (git-fixes).
* md: whenassemble the array, consult the superblock of the freshest device
(git-fixes).
* media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
* media: edia: dvbdev: fix a use-after-free (git-fixes).
* media: em28xx: annotate unchecked call to media_device_register() (git-
fixes).
* media: go7007: add check of return value of go7007_read_addr() (git-fixes).
* media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
* media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
* media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
* media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
* media: pvrusb2: remove redundant null check (git-fixes).
* media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-
fixes).
* media: sun8i-di: fix chroma difference threshold (git-fixes).
* media: sun8i-di: fix coefficient writes (git-fixes).
* media: sun8i-di: fix power on/off sequences (git-fixes).
* media: tc358743: register v4l2 async device only after successful setup
(git-fixes).
* media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
* media: usbtv: remove useless locks in usbtv_video_free() (git-fixes).
* media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
* media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
* media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes).
* mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a
ref (git-fixes).
* mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref
(git-fixes).
* mm,page_owner: Defer enablement of static branch (bsc#1222366).
* mm,page_owner: check for null stack_record before bumping its refcount
(bsc#1222366).
* mm,page_owner: drop unnecessary check (bsc#1222366).
* mm,page_owner: fix accounting of pages when migrating (bsc#1222366).
* mm,page_owner: fix printing of stack records (bsc#1222366).
* mm,page_owner: fix recursion (bsc#1222366).
* mm,page_owner: fix refcount imbalance (bsc#1222366).
* mm,page_owner: update metadata for tail pages (bsc#1222366).
* mm/vmalloc: huge vmalloc backing pages should be split rather than compound
(bsc#1217829).
* mmc: core: avoid negative index with array access (git-fixes).
* mmc: core: fix switch on gp3 partition (git-fixes).
* mmc: core: initialize mmc_blk_ioc_data (git-fixes).
* mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes).
* mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes).
* mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
* mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove
function (git-fixes).
* mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
* mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
* mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
* net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322).
* net/x25: fix incorrect parameter validation in the x25_getsockopt() function
(git-fixes).
* net: fix features skip in for_each_netdev_feature() (git-fixes).
* net: lan78xx: fix runtime pm count underflow on link stop (git-fixes).
* net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
* net: mana: fix rx dma datasize and skb_over_panic (git-fixes).
* net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
* net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
* net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
* nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
* nfs: fix an off by one in root_nfs_cat() (git-fixes).
* nfs: rename nfs_client_kset to nfs_kset (git-fixes).
* nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
* nfsd: convert the callback workqueue to use delayed_work (git-fixes).
* nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
* nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
* nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
* nfsd: fix file memleak on client_opens_release (git-fixes).
* nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
* nfsd: lock_rename() needs both directories to live on the same fs (git-
fixes).
* nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-
fixes).
* nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
* nfsd: retransmit callbacks after client reconnects (git-fixes).
* nfsd: use vfs setgid helper (git-fixes).
* nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
* nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
* nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
* nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
* nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
* nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
* nfsv4.2: fix wrong shrinker_id (git-fixes).
* nfsv4: fix a nfs4_state_manager() race (git-fixes).
* nfsv4: fix a state manager thread deadlock regression (git-fixes).
* nilfs2: fix failure to detect dat corruption in btree and direct mappings
(git-fixes).
* nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
* nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
* nouveau: reset the bo resource bus info after an eviction (git-fixes).
* ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
* nvme-fc: do not wait in vain when unloading module (git-fixes).
* nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
* nvmet-fc: abort command when there is no binding (git-fixes).
* nvmet-fc: avoid deadlock on delete association path (git-fixes).
* nvmet-fc: defer cleanup using rcu properly (git-fixes).
* nvmet-fc: hold reference on hostport match (git-fixes).
* nvmet-fc: release reference on target port (git-fixes).
* nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
* nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
* nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
* pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
* pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
* pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
* pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
* pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
* pci: add locking to RMW PCI Express Capability Register accessors (git-
fixes).
* pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
* pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
* pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-
fixes).
* pci: fu740: Set the number of MSI vectors (git-fixes).
* pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-
fixes).
* pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
* pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
* pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
* pci: mediatek: Clear interrupt status before dispatching handler (git-
fixes).
* pci: qcom: Enable BDF to SID translation properly (git-fixes).
* pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-
fixes).
* pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
* pci: rockchip: Fix window mapping and address translation for endpoint (git-
fixes).
* pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
* pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-
fixes).
* pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-
fixes).
* platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
* pm: suspend: Set mem_sleep_current during kernel command line setup (git-
fixes).
* pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats
(git-fixes).
* pnfs: fix a hang in nfs4_evict_inode() (git-fixes).
* pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes).
* powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
* powerpc/boot: Disable power10 features after BOOTAFLAGS assignment
(bsc#1194869).
* powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU
(bsc#1194869).
* powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses
(bsc#1194869).
* powerpc/lib/sstep: Remove unneeded #ifdef **powerpc64** (bsc#1194869).
* powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding
(bsc#1194869).
* powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
* powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
(bsc#1220492 ltc#205270).
* powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465
ltc#197256 jsc#SLE-18130 git-fixes).
* powerpc/sstep: Use bitwise instead of arithmetic operator for flags
(bsc#1194869).
* powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
* pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-
fixes).
* qedf: Do not process stag work during unload (bsc#1214852).
* qedf: Wait for stag work during unload (bsc#1214852).
* raid1: fix use-after-free for original bio in raid1_write_request()
(bsc#1221097).
* ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
* ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
* ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
* ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
* ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
* ras/amd/fmpm: Save SPA values (jsc#PED-7619).
* ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
* ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
* rdma/device: fix a race between mad_client and cm_client init (git-fixes)
* rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
* rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes)
* rdma/irdma: remove duplicate assignment (git-fixes)
* rdma/mana_ib: fix bug in creation of dma regions (git-fixes).
* rdma/mlx5: fix fortify source warning while accessing eth segment (git-
fixes)
* rdma/mlx5: relax devx access upon modify commands (git-fixes)
* rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-
fixes)
* rdma/srpt: do not register event handler until srpt device is fully setup
(git-fixes)
* revert "drm/amd: disable psr-su on parade 0803 tcon" (git-fixes).
* revert "drm/amd: disable s/g for apus when 64gb or more host memory" (git-
fixes).
* revert "drm/amdgpu/display: change pipe policy for dcn 2.0" (git-fixes).
* revert "drm/amdgpu/display: change pipe policy for dcn 2.1" (git-fixes).
* revert "drm/vc4: hdmi: enforce the minimum rate at runtime_resume" (git-
fixes).
* revert "fbdev: flush deferred io before closing (git-fixes)." (bsc#1221814)
* revert "pci: tegra194: enable support for 256 byte payload" (git-fixes).
* revert "revert "drm/amdgpu/display: change pipe policy for dcn 2.0"" (git-
fixes).
* revert "sunrpc dont update timeout value on connection reset" (git-fixes).
* ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
* rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
* s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes
bsc#1221633).
* s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
* s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
* s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
* s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
* sched/rt: Disallow writing invalid values to sched_rt_period_us
(bsc#1220176).
* sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
(bsc#1220176).
* scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
* scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
* scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
* scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
* scsi: lpfc: Define types in a union for generic void *context3 ptr
(bsc#1221777).
* scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
(bsc#1221777).
* scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
(bsc#1221777).
* scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777
bsc#1217959).
* scsi: lpfc: Remove unnecessary log message in queuecommand path
(bsc#1221777).
* scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
(bsc#1221777).
* scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
* scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
* scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
* scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
* scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
* scsi: qedf: Remove unused declaration (bsc#1214852).
* scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
* scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
* scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
* scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
* scsi: qla2xxx: Fix double free of fcport (bsc1221816).
* scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
* scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
* scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
* scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
* scsi: qla2xxx: Update manufacturer detail (bsc1221816).
* scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
* scsi: storvsc: Fix ring buffer size calculation (git-fixes).
* scsi: target: core: Silence the message about unknown VPD pages
(bsc#1221252).
* selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
* serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
* serial: max310x: fix syntax error in IRQ error message (git-fixes).
* slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-
fixes).
* soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
* spi: lm70llp: fix links in doc and comments (git-fixes).
* spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
* sr9800: Add check for usbnet_get_endpoints (git-fixes).
* stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
* staging: vc04_services: fix information leak in create_component() (git-
fixes).
* sunrpc: add an is_err() check back to where it was (git-fixes).
* sunrpc: econnreset might require a rebind (git-fixes).
* sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
* sunrpc: fix a suspicious rcu usage warning (git-fixes).
* sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes).
* sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
* svcrdma: Drop connection after an RDMA Read error (git-fixes).
* topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
* topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
* tracing/probes: Fix to show a parse error for bad type for $comm (git-
fixes).
* tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
* tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
* tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
* tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-
fixes).
* tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
* tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
* ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
* ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
* ubifs: Set page uptodate in the correct place (git-fixes).
* ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
* ubifs: fix sort function prototype (git-fixes).
* usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor
(git-fixes).
* usb: cdc-wdm: close race between read and workqueue (git-fixes).
* usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes).
* usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
* usb: dwc2: gadget: LPM flow fix (git-fixes).
* usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
* usb: dwc2: host: Fix hibernation flow (git-fixes).
* usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
* usb: dwc3: Properly set system wakeup (git-fixes).
* usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
* usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
* usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-
fixes).
* usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
* usb: port: Do not try to peer unused USB ports based on location (git-
fixes).
* usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
* usb: typec: ucsi: Check for notifications after init (git-fixes).
* usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
* usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
* usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-
fixes).
* usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
* vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
* vt: fix unicode buffer corruption when deleting characters (git-fixes).
* watchdog: stm32_iwdg: initialize default timeout (git-fixes).
* wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
* wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
* wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
* wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
(git-fixes).
* wifi: b43: Disable QoS for bcm4331 (git-fixes).
* wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-
fixes).
* wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-
fixes).
* wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-
fixes).
* wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-
fixes).
* wifi: brcmsmac: avoid function pointer casts (git-fixes).
* wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
* wifi: iwlwifi: fix EWRD table validity check (git-fixes).
* wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
* wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
* wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
* wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
* wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-
fixes).
* wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
* wifi: mwifiex: debugfs: Drop unnecessary error check for
debugfs_create_dir() (git-fixes).
* wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
* wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
* wifi: wilc1000: fix RCU usage in connect path (git-fixes).
* wifi: wilc1000: fix declarations ordering (stable-fixes).
* wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
* wifi: wilc1000: prevent use-after-free on vif when cleaning up all
interfaces (git-fixes).
* x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
* x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
* x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
* xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
* xhci: process isoc TD properly when there was a transaction error mid TD
(git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1480=1 openSUSE-SLE-15.5-2024-1480=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1480=1

* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1480=1

* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-1480=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-1480=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-1480=1
Please note that this is the initial kernel livepatch without fixes itself, this
package is later updated by separate standalone kernel livepatch updates.

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2024-1480=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1480=1

## Package List:

* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (noarch)
* kernel-docs-html-5.14.21-150500.55.59.1
* kernel-source-5.14.21-150500.55.59.1
* kernel-devel-5.14.21-150500.55.59.1
* kernel-source-vanilla-5.14.21-150500.55.59.1
* kernel-macros-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
* kernel-debug-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-5.14.21-150500.55.59.1
* kernel-debug-livepatch-devel-5.14.21-150500.55.59.1
* kernel-debug-debugsource-5.14.21-150500.55.59.1
* kernel-debug-devel-5.14.21-150500.55.59.1
* kernel-debug-debuginfo-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (x86_64)
* kernel-default-vdso-debuginfo-5.14.21-150500.55.59.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.59.1
* kernel-debug-vdso-5.14.21-150500.55.59.1
* kernel-default-vdso-5.14.21-150500.55.59.1
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.59.1
* kernel-debug-vdso-debuginfo-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7
* kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.59.1
* kernel-kvmsmall-devel-5.14.21-150500.55.59.1
* kernel-kvmsmall-debugsource-5.14.21-150500.55.59.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.59.1
* kernel-default-base-rebuild-5.14.21-150500.55.59.1.150500.6.25.7
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-syms-5.14.21-150500.55.59.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.59.1
* dlm-kmp-default-5.14.21-150500.55.59.1
* kselftests-kmp-default-5.14.21-150500.55.59.1
* kernel-default-extra-5.14.21-150500.55.59.1
* kernel-default-optional-5.14.21-150500.55.59.1
* kernel-obs-build-debugsource-5.14.21-150500.55.59.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-debugsource-5.14.21-150500.55.59.1
* cluster-md-kmp-default-5.14.21-150500.55.59.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.59.1
* reiserfs-kmp-default-5.14.21-150500.55.59.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.59.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.59.1
* gfs2-kmp-default-5.14.21-150500.55.59.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-devel-5.14.21-150500.55.59.1
* kernel-obs-build-5.14.21-150500.55.59.1
* kernel-default-livepatch-devel-5.14.21-150500.55.59.1
* ocfs2-kmp-default-5.14.21-150500.55.59.1
* kernel-obs-qa-5.14.21-150500.55.59.1
* kernel-default-livepatch-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-1-150500.11.7.1
* kernel-livepatch-5_14_21-150500_55_59-default-1-150500.11.7.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-1-150500.11.7.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.59.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (aarch64)
* dlm-kmp-64kb-5.14.21-150500.55.59.1
* dtb-sprd-5.14.21-150500.55.59.1
* dtb-qcom-5.14.21-150500.55.59.1
* dtb-socionext-5.14.21-150500.55.59.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.59.1
* dtb-allwinner-5.14.21-150500.55.59.1
* dtb-nvidia-5.14.21-150500.55.59.1
* dtb-lg-5.14.21-150500.55.59.1
* reiserfs-kmp-64kb-5.14.21-150500.55.59.1
* dtb-exynos-5.14.21-150500.55.59.1
* kselftests-kmp-64kb-5.14.21-150500.55.59.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.59.1
* kernel-64kb-debugsource-5.14.21-150500.55.59.1
* dtb-apm-5.14.21-150500.55.59.1
* dtb-amlogic-5.14.21-150500.55.59.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.59.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.59.1
* kernel-64kb-devel-5.14.21-150500.55.59.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.59.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.59.1
* dtb-freescale-5.14.21-150500.55.59.1
* dtb-arm-5.14.21-150500.55.59.1
* dtb-marvell-5.14.21-150500.55.59.1
* dtb-hisilicon-5.14.21-150500.55.59.1
* dtb-cavium-5.14.21-150500.55.59.1
* kernel-64kb-optional-5.14.21-150500.55.59.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.59.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.59.1
* kernel-64kb-debuginfo-5.14.21-150500.55.59.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.59.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.59.1
* dtb-rockchip-5.14.21-150500.55.59.1
* dtb-altera-5.14.21-150500.55.59.1
* dtb-broadcom-5.14.21-150500.55.59.1
* dtb-amd-5.14.21-150500.55.59.1
* dtb-xilinx-5.14.21-150500.55.59.1
* dtb-amazon-5.14.21-150500.55.59.1
* kernel-64kb-extra-5.14.21-150500.55.59.1
* ocfs2-kmp-64kb-5.14.21-150500.55.59.1
* gfs2-kmp-64kb-5.14.21-150500.55.59.1
* dtb-mediatek-5.14.21-150500.55.59.1
* dtb-renesas-5.14.21-150500.55.59.1
* cluster-md-kmp-64kb-5.14.21-150500.55.59.1
* dtb-apple-5.14.21-150500.55.59.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.59.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150500.55.59.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-debugsource-5.14.21-150500.55.59.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.59.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150500.55.59.1
* kernel-64kb-devel-5.14.21-150500.55.59.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.59.1
* kernel-64kb-debugsource-5.14.21-150500.55.59.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.59.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.59.1.150500.6.25.7
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-debuginfo-5.14.21-150500.55.59.1
* kernel-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-devel-5.14.21-150500.55.59.1
* kernel-default-debugsource-5.14.21-150500.55.59.1
* Basesystem Module 15-SP5 (noarch)
* kernel-devel-5.14.21-150500.55.59.1
* kernel-macros-5.14.21-150500.55.59.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.59.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.59.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.59.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.59.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150500.55.59.1
* kernel-syms-5.14.21-150500.55.59.1
* kernel-obs-build-5.14.21-150500.55.59.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.59.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.59.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-debuginfo-5.14.21-150500.55.59.1
* reiserfs-kmp-default-5.14.21-150500.55.59.1
* kernel-default-debugsource-5.14.21-150500.55.59.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.59.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.59.1
* kernel-livepatch-SLE15-SP5_Update_12-debugsource-1-150500.11.7.1
* kernel-default-livepatch-devel-5.14.21-150500.55.59.1
* kernel-livepatch-5_14_21-150500_55_59-default-debuginfo-1-150500.11.7.1
* kernel-livepatch-5_14_21-150500_55_59-default-1-150500.11.7.1
* kernel-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-livepatch-5.14.21-150500.55.59.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.59.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-debugsource-5.14.21-150500.55.59.1
* cluster-md-kmp-default-5.14.21-150500.55.59.1
* gfs2-kmp-default-5.14.21-150500.55.59.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.59.1
* dlm-kmp-default-5.14.21-150500.55.59.1
* ocfs2-kmp-default-5.14.21-150500.55.59.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-debuginfo-5.14.21-150500.55.59.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.59.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.59.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.59.1
* kernel-default-extra-5.14.21-150500.55.59.1
* kernel-default-debugsource-5.14.21-150500.55.59.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.59.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46925.html
* https://www.suse.com/security/cve/CVE-2021-46926.html
* https://www.suse.com/security/cve/CVE-2021-46927.html
* https://www.suse.com/security/cve/CVE-2021-46929.html
* https://www.suse.com/security/cve/CVE-2021-46930.html
* https://www.suse.com/security/cve/CVE-2021-46931.html
* https://www.suse.com/security/cve/CVE-2021-46933.html
* https://www.suse.com/security/cve/CVE-2021-46934.html
* https://www.suse.com/security/cve/CVE-2021-46936.html
* https://www.suse.com/security/cve/CVE-2021-47082.html
* https://www.suse.com/security/cve/CVE-2021-47083.html
* https://www.suse.com/security/cve/CVE-2021-47087.html
* https://www.suse.com/security/cve/CVE-2021-47091.html
* https://www.suse.com/security/cve/CVE-2021-47093.html
* https://www.suse.com/security/cve/CVE-2021-47094.html
* https://www.suse.com/security/cve/CVE-2021-47095.html
* https://www.suse.com/security/cve/CVE-2021-47096.html
* https://www.suse.com/security/cve/CVE-2021-47097.html
* https://www.suse.com/security/cve/CVE-2021-47098.html
* https://www.suse.com/security/cve/CVE-2021-47099.html
* https://www.suse.com/security/cve/CVE-2021-47100.html
* https://www.suse.com/security/cve/CVE-2021-47101.html
* https://www.suse.com/security/cve/CVE-2021-47102.html
* https://www.suse.com/security/cve/CVE-2021-47104.html
* https://www.suse.com/security/cve/CVE-2021-47105.html
* https://www.suse.com/security/cve/CVE-2021-47107.html
* https://www.suse.com/security/cve/CVE-2021-47108.html
* https://www.suse.com/security/cve/CVE-2022-4744.html
* https://www.suse.com/security/cve/CVE-2022-48626.html
* https://www.suse.com/security/cve/CVE-2022-48627.html
* https://www.suse.com/security/cve/CVE-2022-48628.html
* https://www.suse.com/security/cve/CVE-2022-48629.html
* https://www.suse.com/security/cve/CVE-2022-48630.html
* https://www.suse.com/security/cve/CVE-2023-0160.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-35827.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-52447.html
* https://www.suse.com/security/cve/CVE-2023-52450.html
* https://www.suse.com/security/cve/CVE-2023-52453.html
* https://www.suse.com/security/cve/CVE-2023-52454.html
* https://www.suse.com/security/cve/CVE-2023-52462.html
* https://www.suse.com/security/cve/CVE-2023-52463.html
* https://www.suse.com/security/cve/CVE-2023-52467.html
* https://www.suse.com/security/cve/CVE-2023-52469.html
* https://www.suse.com/security/cve/CVE-2023-52470.html
* https://www.suse.com/security/cve/CVE-2023-52474.html
* https://www.suse.com/security/cve/CVE-2023-52476.html
* https://www.suse.com/security/cve/CVE-2023-52477.html
* https://www.suse.com/security/cve/CVE-2023-52481.html
* https://www.suse.com/security/cve/CVE-2023-52482.html
* https://www.suse.com/security/cve/CVE-2023-52484.html
* https://www.suse.com/security/cve/CVE-2023-52486.html
* https://www.suse.com/security/cve/CVE-2023-52492.html
* https://www.suse.com/security/cve/CVE-2023-52493.html
* https://www.suse.com/security/cve/CVE-2023-52494.html
* https://www.suse.com/security/cve/CVE-2023-52497.html
* https://www.suse.com/security/cve/CVE-2023-52500.html
* https://www.suse.com/security/cve/CVE-2023-52501.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52504.html
* https://www.suse.com/security/cve/CVE-2023-52507.html
* https://www.suse.com/security/cve/CVE-2023-52508.html
* https://www.suse.com/security/cve/CVE-2023-52509.html
* https://www.suse.com/security/cve/CVE-2023-52510.html
* https://www.suse.com/security/cve/CVE-2023-52511.html
* https://www.suse.com/security/cve/CVE-2023-52513.html
* https://www.suse.com/security/cve/CVE-2023-52515.html
* https://www.suse.com/security/cve/CVE-2023-52517.html
* https://www.suse.com/security/cve/CVE-2023-52518.html
* https://www.suse.com/security/cve/CVE-2023-52519.html
* https://www.suse.com/security/cve/CVE-2023-52520.html
* https://www.suse.com/security/cve/CVE-2023-52523.html
* https://www.suse.com/security/cve/CVE-2023-52524.html
* https://www.suse.com/security/cve/CVE-2023-52525.html
* https://www.suse.com/security/cve/CVE-2023-52528.html
* https://www.suse.com/security/cve/CVE-2023-52529.html
* https://www.suse.com/security/cve/CVE-2023-52530.html
* https://www.suse.com/security/cve/CVE-2023-52531.html
* https://www.suse.com/security/cve/CVE-2023-52532.html
* https://www.suse.com/security/cve/CVE-2023-52559.html
* https://www.suse.com/security/cve/CVE-2023-52563.html
* https://www.suse.com/security/cve/CVE-2023-52564.html
* https://www.suse.com/security/cve/CVE-2023-52566.html
* https://www.suse.com/security/cve/CVE-2023-52567.html
* https://www.suse.com/security/cve/CVE-2023-52569.html
* https://www.suse.com/security/cve/CVE-2023-52574.html
* https://www.suse.com/security/cve/CVE-2023-52575.html
* https://www.suse.com/security/cve/CVE-2023-52576.html
* https://www.suse.com/security/cve/CVE-2023-52582.html
* https://www.suse.com/security/cve/CVE-2023-52583.html
* https://www.suse.com/security/cve/CVE-2023-52587.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52594.html
* https://www.suse.com/security/cve/CVE-2023-52595.html
* https://www.suse.com/security/cve/CVE-2023-52597.html
* https://www.suse.com/security/cve/CVE-2023-52598.html
* https://www.suse.com/security/cve/CVE-2023-52599.html
* https://www.suse.com/security/cve/CVE-2023-52600.html
* https://www.suse.com/security/cve/CVE-2023-52601.html
* https://www.suse.com/security/cve/CVE-2023-52602.html
* https://www.suse.com/security/cve/CVE-2023-52603.html
* https://www.suse.com/security/cve/CVE-2023-52604.html
* https://www.suse.com/security/cve/CVE-2023-52605.html
* https://www.suse.com/security/cve/CVE-2023-52606.html
* https://www.suse.com/security/cve/CVE-2023-52607.html
* https://www.suse.com/security/cve/CVE-2023-52608.html
* https://www.suse.com/security/cve/CVE-2023-52612.html
* https://www.suse.com/security/cve/CVE-2023-52615.html
* https://www.suse.com/security/cve/CVE-2023-52617.html
* https://www.suse.com/security/cve/CVE-2023-52619.html
* https://www.suse.com/security/cve/CVE-2023-52621.html
* https://www.suse.com/security/cve/CVE-2023-52623.html
* https://www.suse.com/security/cve/CVE-2023-52628.html
* https://www.suse.com/security/cve/CVE-2023-52632.html
* https://www.suse.com/security/cve/CVE-2023-52637.html
* https://www.suse.com/security/cve/CVE-2023-52639.html
* https://www.suse.com/security/cve/CVE-2023-6270.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-7042.html
* https://www.suse.com/security/cve/CVE-2023-7192.html
* https://www.suse.com/security/cve/CVE-2024-0841.html
* https://www.suse.com/security/cve/CVE-2024-2201.html
* https://www.suse.com/security/cve/CVE-2024-22099.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-25739.html
* https://www.suse.com/security/cve/CVE-2024-25742.html
* https://www.suse.com/security/cve/CVE-2024-25743.html
* https://www.suse.com/security/cve/CVE-2024-26599.html
* https://www.suse.com/security/cve/CVE-2024-26600.html
* https://www.suse.com/security/cve/CVE-2024-26602.html
* https://www.suse.com/security/cve/CVE-2024-26607.html
* https://www.suse.com/security/cve/CVE-2024-26612.html
* https://www.suse.com/security/cve/CVE-2024-26614.html
* https://www.suse.com/security/cve/CVE-2024-26620.html
* https://www.suse.com/security/cve/CVE-2024-26627.html
* https://www.suse.com/security/cve/CVE-2024-26629.html
* https://www.suse.com/security/cve/CVE-2024-26642.html
* https://www.suse.com/security/cve/CVE-2024-26645.html
* https://www.suse.com/security/cve/CVE-2024-26646.html
* https://www.suse.com/security/cve/CVE-2024-26651.html
* https://www.suse.com/security/cve/CVE-2024-26654.html
* https://www.suse.com/security/cve/CVE-2024-26659.html
* https://www.suse.com/security/cve/CVE-2024-26664.html
* https://www.suse.com/security/cve/CVE-2024-26667.html
* https://www.suse.com/security/cve/CVE-2024-26670.html
* https://www.suse.com/security/cve/CVE-2024-26695.html
* https://www.suse.com/security/cve/CVE-2024-26717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1200465
* https://bugzilla.suse.com/show_bug.cgi?id=1205316
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1209635
* https://bugzilla.suse.com/show_bug.cgi?id=1209657
* https://bugzilla.suse.com/show_bug.cgi?id=1212514
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1214852
* https://bugzilla.suse.com/show_bug.cgi?id=1215221
* https://bugzilla.suse.com/show_bug.cgi?id=1215322
* https://bugzilla.suse.com/show_bug.cgi?id=1217339
* https://bugzilla.suse.com/show_bug.cgi?id=1217829
* https://bugzilla.suse.com/show_bug.cgi?id=1217959
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218321
* https://bugzilla.suse.com/show_bug.cgi?id=1218336
* https://bugzilla.suse.com/show_bug.cgi?id=1218479
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1218643
* https://bugzilla.suse.com/show_bug.cgi?id=1218777
* https://bugzilla.suse.com/show_bug.cgi?id=1219169
* https://bugzilla.suse.com/show_bug.cgi?id=1219170
* https://bugzilla.suse.com/show_bug.cgi?id=1219264
* https://bugzilla.suse.com/show_bug.cgi?id=1219443
* https://bugzilla.suse.com/show_bug.cgi?id=1219834
* https://bugzilla.suse.com/show_bug.cgi?id=1220114
* https://bugzilla.suse.com/show_bug.cgi?id=1220176
* https://bugzilla.suse.com/show_bug.cgi?id=1220237
* https://bugzilla.suse.com/show_bug.cgi?id=1220251
* https://bugzilla.suse.com/show_bug.cgi?id=1220320
* https://bugzilla.suse.com/show_bug.cgi?id=1220325
* https://bugzilla.suse.com/show_bug.cgi?id=1220328
* https://bugzilla.suse.com/show_bug.cgi?id=1220337
* https://bugzilla.suse.com/show_bug.cgi?id=1220340
* https://bugzilla.suse.com/show_bug.cgi?id=1220365
* https://bugzilla.suse.com/show_bug.cgi?id=1220366
* https://bugzilla.suse.com/show_bug.cgi?id=1220393
* https://bugzilla.suse.com/show_bug.cgi?id=1220398
* https://bugzilla.suse.com/show_bug.cgi?id=1220411
* https://bugzilla.suse.com/show_bug.cgi?id=1220413
* https://bugzilla.suse.com/show_bug.cgi?id=1220433
* https://bugzilla.suse.com/show_bug.cgi?id=1220439
* https://bugzilla.suse.com/show_bug.cgi?id=1220443
* https://bugzilla.suse.com/show_bug.cgi?id=1220445
* https://bugzilla.suse.com/show_bug.cgi?id=1220466
* https://bugzilla.suse.com/show_bug.cgi?id=1220469
* https://bugzilla.suse.com/show_bug.cgi?id=1220478
* https://bugzilla.suse.com/show_bug.cgi?id=1220482
* https://bugzilla.suse.com/show_bug.cgi?id=1220484
* https://bugzilla.suse.com/show_bug.cgi?id=1220486
* https://bugzilla.suse.com/show_bug.cgi?id=1220487
* https://bugzilla.suse.com/show_bug.cgi?id=1220492
* https://bugzilla.suse.com/show_bug.cgi?id=1220703
* https://bugzilla.suse.com/show_bug.cgi?id=1220735
* https://bugzilla.suse.com/show_bug.cgi?id=1220736
* https://bugzilla.suse.com/show_bug.cgi?id=1220775
* https://bugzilla.suse.com/show_bug.cgi?id=1220790
* https://bugzilla.suse.com/show_bug.cgi?id=1220797
* https://bugzilla.suse.com/show_bug.cgi?id=1220831
* https://bugzilla.suse.com/show_bug.cgi?id=1220833
* https://bugzilla.suse.com/show_bug.cgi?id=1220836
* https://bugzilla.suse.com/show_bug.cgi?id=1220839
* https://bugzilla.suse.com/show_bug.cgi?id=1220840
* https://bugzilla.suse.com/show_bug.cgi?id=1220843
* https://bugzilla.suse.com/show_bug.cgi?id=1220845
* https://bugzilla.suse.com/show_bug.cgi?id=1220848
* https://bugzilla.suse.com/show_bug.cgi?id=1220870
* https://bugzilla.suse.com/show_bug.cgi?id=1220871
* https://bugzilla.suse.com/show_bug.cgi?id=1220872
* https://bugzilla.suse.com/show_bug.cgi?id=1220878
* https://bugzilla.suse.com/show_bug.cgi?id=1220879
* https://bugzilla.suse.com/show_bug.cgi?id=1220883
* https://bugzilla.suse.com/show_bug.cgi?id=1220885
* https://bugzilla.suse.com/show_bug.cgi?id=1220887
* https://bugzilla.suse.com/show_bug.cgi?id=1220898
* https://bugzilla.suse.com/show_bug.cgi?id=1220917
* https://bugzilla.suse.com/show_bug.cgi?id=1220918
* https://bugzilla.suse.com/show_bug.cgi?id=1220920
* https://bugzilla.suse.com/show_bug.cgi?id=1220921
* https://bugzilla.suse.com/show_bug.cgi?id=1220926
* https://bugzilla.suse.com/show_bug.cgi?id=1220927
* https://bugzilla.suse.com/show_bug.cgi?id=1220929
* https://bugzilla.suse.com/show_bug.cgi?id=1220930
* https://bugzilla.suse.com/show_bug.cgi?id=1220931
* https://bugzilla.suse.com/show_bug.cgi?id=1220932
* https://bugzilla.suse.com/show_bug.cgi?id=1220933
* https://bugzilla.suse.com/show_bug.cgi?id=1220937
* https://bugzilla.suse.com/show_bug.cgi?id=1220938
* https://bugzilla.suse.com/show_bug.cgi?id=1220940
* https://bugzilla.suse.com/show_bug.cgi?id=1220954
* https://bugzilla.suse.com/show_bug.cgi?id=1220955
* https://bugzilla.suse.com/show_bug.cgi?id=1220959
* https://bugzilla.suse.com/show_bug.cgi?id=1220960
* https://bugzilla.suse.com/show_bug.cgi?id=1220961
* https://bugzilla.suse.com/show_bug.cgi?id=1220965
* https://bugzilla.suse.com/show_bug.cgi?id=1220969
* https://bugzilla.suse.com/show_bug.cgi?id=1220978
* https://bugzilla.suse.com/show_bug.cgi?id=1220979
* https://bugzilla.suse.com/show_bug.cgi?id=1220981
* https://bugzilla.suse.com/show_bug.cgi?id=1220982
* https://bugzilla.suse.com/show_bug.cgi?id=1220983
* https://bugzilla.suse.com/show_bug.cgi?id=1220985
* https://bugzilla.suse.com/show_bug.cgi?id=1220986
* https://bugzilla.suse.com/show_bug.cgi?id=1220987
* https://bugzilla.suse.com/show_bug.cgi?id=1220989
* https://bugzilla.suse.com/show_bug.cgi?id=1220990
* https://bugzilla.suse.com/show_bug.cgi?id=1221009
* https://bugzilla.suse.com/show_bug.cgi?id=1221012
* https://bugzilla.suse.com/show_bug.cgi?id=1221015
* https://bugzilla.suse.com/show_bug.cgi?id=1221022
* https://bugzilla.suse.com/show_bug.cgi?id=1221039
* https://bugzilla.suse.com/show_bug.cgi?id=1221040
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221045
* https://bugzilla.suse.com/show_bug.cgi?id=1221046
* https://bugzilla.suse.com/show_bug.cgi?id=1221048
* https://bugzilla.suse.com/show_bug.cgi?id=1221055
* https://bugzilla.suse.com/show_bug.cgi?id=1221056
* https://bugzilla.suse.com/show_bug.cgi?id=1221058
* https://bugzilla.suse.com/show_bug.cgi?id=1221060
* https://bugzilla.suse.com/show_bug.cgi?id=1221061
* https://bugzilla.suse.com/show_bug.cgi?id=1221062
* https://bugzilla.suse.com/show_bug.cgi?id=1221066
* https://bugzilla.suse.com/show_bug.cgi?id=1221067
* https://bugzilla.suse.com/show_bug.cgi?id=1221068
* https://bugzilla.suse.com/show_bug.cgi?id=1221069
* https://bugzilla.suse.com/show_bug.cgi?id=1221070
* https://bugzilla.suse.com/show_bug.cgi?id=1221071
* https://bugzilla.suse.com/show_bug.cgi?id=1221077
* https://bugzilla.suse.com/show_bug.cgi?id=1221082
* https://bugzilla.suse.com/show_bug.cgi?id=1221090
* https://bugzilla.suse.com/show_bug.cgi?id=1221097
* https://bugzilla.suse.com/show_bug.cgi?id=1221156
* https://bugzilla.suse.com/show_bug.cgi?id=1221252
* https://bugzilla.suse.com/show_bug.cgi?id=1221273
* https://bugzilla.suse.com/show_bug.cgi?id=1221274
* https://bugzilla.suse.com/show_bug.cgi?id=1221276
* https://bugzilla.suse.com/show_bug.cgi?id=1221277
* https://bugzilla.suse.com/show_bug.cgi?id=1221291
* https://bugzilla.suse.com/show_bug.cgi?id=1221293
* https://bugzilla.suse.com/show_bug.cgi?id=1221298
* https://bugzilla.suse.com/show_bug.cgi?id=1221337
* https://bugzilla.suse.com/show_bug.cgi?id=1221338
* https://bugzilla.suse.com/show_bug.cgi?id=1221375
* https://bugzilla.suse.com/show_bug.cgi?id=1221379
* https://bugzilla.suse.com/show_bug.cgi?id=1221551
* https://bugzilla.suse.com/show_bug.cgi?id=1221553
* https://bugzilla.suse.com/show_bug.cgi?id=1221613
* https://bugzilla.suse.com/show_bug.cgi?id=1221614
* https://bugzilla.suse.com/show_bug.cgi?id=1221616
* https://bugzilla.suse.com/show_bug.cgi?id=1221618
* https://bugzilla.suse.com/show_bug.cgi?id=1221631
* https://bugzilla.suse.com/show_bug.cgi?id=1221633
* https://bugzilla.suse.com/show_bug.cgi?id=1221713
* https://bugzilla.suse.com/show_bug.cgi?id=1221725
* https://bugzilla.suse.com/show_bug.cgi?id=1221777
* https://bugzilla.suse.com/show_bug.cgi?id=1221814
* https://bugzilla.suse.com/show_bug.cgi?id=1221816
* https://bugzilla.suse.com/show_bug.cgi?id=1221830
* https://bugzilla.suse.com/show_bug.cgi?id=1221951
* https://bugzilla.suse.com/show_bug.cgi?id=1222033
* https://bugzilla.suse.com/show_bug.cgi?id=1222056
* https://bugzilla.suse.com/show_bug.cgi?id=1222060
* https://bugzilla.suse.com/show_bug.cgi?id=1222070
* https://bugzilla.suse.com/show_bug.cgi?id=1222073
* https://bugzilla.suse.com/show_bug.cgi?id=1222117
* https://bugzilla.suse.com/show_bug.cgi?id=1222274
* https://bugzilla.suse.com/show_bug.cgi?id=1222291
* https://bugzilla.suse.com/show_bug.cgi?id=1222300
* https://bugzilla.suse.com/show_bug.cgi?id=1222304
* https://bugzilla.suse.com/show_bug.cgi?id=1222317
* https://bugzilla.suse.com/show_bug.cgi?id=1222331
* https://bugzilla.suse.com/show_bug.cgi?id=1222355
* https://bugzilla.suse.com/show_bug.cgi?id=1222356
* https://bugzilla.suse.com/show_bug.cgi?id=1222360
* https://bugzilla.suse.com/show_bug.cgi?id=1222366
* https://bugzilla.suse.com/show_bug.cgi?id=1222373
* https://bugzilla.suse.com/show_bug.cgi?id=1222619
* https://bugzilla.suse.com/show_bug.cgi?id=1222952
* https://jira.suse.com/browse/PED-5759
* https://jira.suse.com/browse/PED-7167
* https://jira.suse.com/browse/PED-7618
* https://jira.suse.com/browse/PED-7619



SUSE-SU-2024:1475-1: important: Security update for frr


# Security update for frr

Announcement ID: SUSE-SU-2024:1475-1
Rating: important
References:

* bsc#1222518

Cross-References:

* CVE-2024-31948

CVSS scores:

* CVE-2024-31948 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for frr fixes the following issues:

* CVE-2024-31948: Fixed denial of service due to malformed Prefix SID
attribute in BGP Update packet (bsc#1222518)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1475=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1475=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1475=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1475=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1475=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1475=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1475=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1475=1

* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1475=1

* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1475=1

* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1475=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1475=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Manager Proxy 4.3 (x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libfrr_pb0-debuginfo-7.4-150300.4.23.1
* frr-debugsource-7.4-150300.4.23.1
* libfrrzmq0-debuginfo-7.4-150300.4.23.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.23.1
* libfrrcares0-debuginfo-7.4-150300.4.23.1
* frr-devel-7.4-150300.4.23.1
* libfrrospfapiclient0-7.4-150300.4.23.1
* libmlag_pb0-7.4-150300.4.23.1
* libfrr0-debuginfo-7.4-150300.4.23.1
* libfrr0-7.4-150300.4.23.1
* libfrrfpm_pb0-debuginfo-7.4-150300.4.23.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.23.1
* frr-debuginfo-7.4-150300.4.23.1
* libfrrsnmp0-7.4-150300.4.23.1
* libmlag_pb0-debuginfo-7.4-150300.4.23.1
* libfrrfpm_pb0-7.4-150300.4.23.1
* libfrrgrpc_pb0-7.4-150300.4.23.1
* libfrr_pb0-7.4-150300.4.23.1
* libfrrcares0-7.4-150300.4.23.1
* libfrrzmq0-7.4-150300.4.23.1
* frr-7.4-150300.4.23.1
* libfrrsnmp0-debuginfo-7.4-150300.4.23.1

## References:

* https://www.suse.com/security/cve/CVE-2024-31948.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222518



SUSE-SU-2024:1468-1: important: Security update for ffmpeg


# Security update for ffmpeg

Announcement ID: SUSE-SU-2024:1468-1
Rating: important
References:

* bsc#1190721
* bsc#1190724
* bsc#1190727
* bsc#1190728
* bsc#1190731
* bsc#1190732
* bsc#1223070
* bsc#1223235

Cross-References:

* CVE-2020-20894
* CVE-2020-20898
* CVE-2020-20900
* CVE-2020-20901
* CVE-2021-38090
* CVE-2021-38091
* CVE-2021-38094
* CVE-2023-49502
* CVE-2024-31578

CVSS scores:

* CVE-2020-20894 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-20898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-20898 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-20900 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-20901 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-38090 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-38090 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-38091 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-38091 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-38094 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-38094 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-49502 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-31578 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for ffmpeg fixes the following issues:

* CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when
vulkan_frames init failed (bsc#1223070)
* CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c
function in libavfilter/bwdifdsp.c (bsc#1223235)

Adding references for already fixed issues:

* CVE-2021-38091: Fixed integer overflow in function filter16_sobel in
libavfilter/vf_convolution.c (bsc#1190732)
* CVE-2021-38090: Fixed integer overflow in function filter16_roberts in
libavfilter/vf_convolution.c (bsc#1190731)
* CVE-2020-20898: Fixed integer overflow vulnerability in function
filter16_prewitt in libavfilter/vf_convolution.c (bsc#1190724)
* CVE-2020-20901: Fixed buffer overflow vulnerability in function filter_frame
in libavfilter/vf_fieldorder.c (bsc#1190728)
* CVE-2020-20900: Fixed buffer overflow vulnerability in function
gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190727)
* CVE-2020-20894: Fixed buffer Overflow vulnerability in function
gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190721)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1468=1

* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1468=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1468=1

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1468=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1468=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1468=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1468=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1468=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1468=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1468=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1468=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1468=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1468=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1468=1

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1468=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1468=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libavcodec-devel-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* ffmpeg-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* libavfilter6-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libavdevice-devel-3.4.2-150200.11.41.1
* libavfilter6-3.4.2-150200.11.41.1
* libavfilter-devel-3.4.2-150200.11.41.1
* libavdevice57-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libavformat-devel-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libavdevice57-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-private-devel-3.4.2-150200.11.41.1
* openSUSE Leap 15.5 (x86_64)
* libavutil55-32bit-3.4.2-150200.11.41.1
* libpostproc54-32bit-3.4.2-150200.11.41.1
* libavdevice57-32bit-debuginfo-3.4.2-150200.11.41.1
* libavutil55-32bit-debuginfo-3.4.2-150200.11.41.1
* libpostproc54-32bit-debuginfo-3.4.2-150200.11.41.1
* libswresample2-32bit-3.4.2-150200.11.41.1
* libavfilter6-32bit-debuginfo-3.4.2-150200.11.41.1
* libavcodec57-32bit-3.4.2-150200.11.41.1
* libavfilter6-32bit-3.4.2-150200.11.41.1
* libavformat57-32bit-3.4.2-150200.11.41.1
* libavformat57-32bit-debuginfo-3.4.2-150200.11.41.1
* libavcodec57-32bit-debuginfo-3.4.2-150200.11.41.1
* libswresample2-32bit-debuginfo-3.4.2-150200.11.41.1
* libavresample3-32bit-3.4.2-150200.11.41.1
* libswscale4-32bit-3.4.2-150200.11.41.1
* libavdevice57-32bit-3.4.2-150200.11.41.1
* libswscale4-32bit-debuginfo-3.4.2-150200.11.41.1
* libavresample3-32bit-debuginfo-3.4.2-150200.11.41.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* libavdevice57-3.4.2-150200.11.41.1
* libavfilter6-3.4.2-150200.11.41.1
* libavresample3-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* ffmpeg-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libavdevice57-debuginfo-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* libavfilter6-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libavresample3-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libavresample3-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libavcodec-devel-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libavformat-devel-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libavresample3-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libavresample3-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libavcodec-devel-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libavformat-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libavresample3-3.4.2-150200.11.41.1
* libswscale4-debuginfo-3.4.2-150200.11.41.1
* libavutil-devel-3.4.2-150200.11.41.1
* libavresample3-debuginfo-3.4.2-150200.11.41.1
* libswscale-devel-3.4.2-150200.11.41.1
* ffmpeg-debuginfo-3.4.2-150200.11.41.1
* libswresample2-debuginfo-3.4.2-150200.11.41.1
* libswscale4-3.4.2-150200.11.41.1
* libavutil55-debuginfo-3.4.2-150200.11.41.1
* libavutil55-3.4.2-150200.11.41.1
* libpostproc54-3.4.2-150200.11.41.1
* libavcodec57-debuginfo-3.4.2-150200.11.41.1
* ffmpeg-debugsource-3.4.2-150200.11.41.1
* libavformat57-3.4.2-150200.11.41.1
* libpostproc-devel-3.4.2-150200.11.41.1
* libavresample-devel-3.4.2-150200.11.41.1
* libavcodec57-3.4.2-150200.11.41.1
* libswresample-devel-3.4.2-150200.11.41.1
* libpostproc54-debuginfo-3.4.2-150200.11.41.1
* libswresample2-3.4.2-150200.11.41.1
* libavformat57-debuginfo-3.4.2-150200.11.41.1

## References:

* https://www.suse.com/security/cve/CVE-2020-20894.html
* https://www.suse.com/security/cve/CVE-2020-20898.html
* https://www.suse.com/security/cve/CVE-2020-20900.html
* https://www.suse.com/security/cve/CVE-2020-20901.html
* https://www.suse.com/security/cve/CVE-2021-38090.html
* https://www.suse.com/security/cve/CVE-2021-38091.html
* https://www.suse.com/security/cve/CVE-2021-38094.html
* https://www.suse.com/security/cve/CVE-2023-49502.html
* https://www.suse.com/security/cve/CVE-2024-31578.html
* https://bugzilla.suse.com/show_bug.cgi?id=1190721
* https://bugzilla.suse.com/show_bug.cgi?id=1190724
* https://bugzilla.suse.com/show_bug.cgi?id=1190727
* https://bugzilla.suse.com/show_bug.cgi?id=1190728
* https://bugzilla.suse.com/show_bug.cgi?id=1190731
* https://bugzilla.suse.com/show_bug.cgi?id=1190732
* https://bugzilla.suse.com/show_bug.cgi?id=1223070
* https://bugzilla.suse.com/show_bug.cgi?id=1223235



SUSE-SU-2024:1470-1: important: Security update for ffmpeg-4


# Security update for ffmpeg-4

Announcement ID: SUSE-SU-2024:1470-1
Rating: important
References:

* bsc#1223070
* bsc#1223235
* bsc#1223272

Cross-References:

* CVE-2023-49502
* CVE-2023-51793
* CVE-2024-31578

CVSS scores:

* CVE-2023-49502 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2023-51793 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-31578 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for ffmpeg-4 fixes the following issues:

* CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when
vulkan_frames init failed (bsc#1223070)
* CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c
function in libavfilter/bwdifdsp.c (bsc#1223235)
* CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function
in libavutil/imgutils.c (bsc#1223272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1470=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1470=1

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1470=1

* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1470=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1470=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1470=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1470=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1470=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1470=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libswscale5_9-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libswscale5_9-debuginfo-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* ffmpeg-4-libavutil-devel-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-libavfilter-devel-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libswscale5_9-4.4-150400.3.24.1
* ffmpeg-4-libswresample-devel-4.4-150400.3.24.1
* ffmpeg-4-private-devel-4.4-150400.3.24.1
* ffmpeg-4-libavdevice-devel-4.4-150400.3.24.1
* ffmpeg-4-libavresample-devel-4.4-150400.3.24.1
* ffmpeg-4-libavcodec-devel-4.4-150400.3.24.1
* libavdevice58_13-4.4-150400.3.24.1
* libswscale5_9-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-libavformat-devel-4.4-150400.3.24.1
* ffmpeg-4-libswscale-devel-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libavfilter7_110-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-4.4-150400.3.24.1
* libavdevice58_13-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* libavresample4_0-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* libavresample4_0-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libavfilter7_110-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* ffmpeg-4-libpostproc-devel-4.4-150400.3.24.1
* openSUSE Leap 15.4 (x86_64)
* libavcodec58_134-32bit-4.4-150400.3.24.1
* libavdevice58_13-32bit-4.4-150400.3.24.1
* libavutil56_70-32bit-4.4-150400.3.24.1
* libswscale5_9-32bit-4.4-150400.3.24.1
* libswscale5_9-32bit-debuginfo-4.4-150400.3.24.1
* libavfilter7_110-32bit-debuginfo-4.4-150400.3.24.1
* libavformat58_76-32bit-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-32bit-4.4-150400.3.24.1
* libavfilter7_110-32bit-4.4-150400.3.24.1
* libavutil56_70-32bit-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-32bit-debuginfo-4.4-150400.3.24.1
* libavdevice58_13-32bit-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-32bit-debuginfo-4.4-150400.3.24.1
* libavformat58_76-32bit-4.4-150400.3.24.1
* libavresample4_0-32bit-debuginfo-4.4-150400.3.24.1
* libswresample3_9-32bit-debuginfo-4.4-150400.3.24.1
* libswresample3_9-32bit-4.4-150400.3.24.1
* libavresample4_0-32bit-4.4-150400.3.24.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libavformat58_76-64bit-4.4-150400.3.24.1
* libavcodec58_134-64bit-4.4-150400.3.24.1
* libavdevice58_13-64bit-4.4-150400.3.24.1
* libavdevice58_13-64bit-debuginfo-4.4-150400.3.24.1
* libswscale5_9-64bit-debuginfo-4.4-150400.3.24.1
* libavformat58_76-64bit-debuginfo-4.4-150400.3.24.1
* libavfilter7_110-64bit-4.4-150400.3.24.1
* libavutil56_70-64bit-debuginfo-4.4-150400.3.24.1
* libswscale5_9-64bit-4.4-150400.3.24.1
* libswresample3_9-64bit-4.4-150400.3.24.1
* libavfilter7_110-64bit-debuginfo-4.4-150400.3.24.1
* libavresample4_0-64bit-4.4-150400.3.24.1
* libavutil56_70-64bit-4.4-150400.3.24.1
* libavcodec58_134-64bit-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-64bit-4.4-150400.3.24.1
* libpostproc55_9-64bit-debuginfo-4.4-150400.3.24.1
* libswresample3_9-64bit-debuginfo-4.4-150400.3.24.1
* libavresample4_0-64bit-debuginfo-4.4-150400.3.24.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* ffmpeg-4-libavutil-devel-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-libavfilter-devel-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libswscale5_9-4.4-150400.3.24.1
* ffmpeg-4-libswresample-devel-4.4-150400.3.24.1
* ffmpeg-4-private-devel-4.4-150400.3.24.1
* ffmpeg-4-libavdevice-devel-4.4-150400.3.24.1
* ffmpeg-4-libavresample-devel-4.4-150400.3.24.1
* ffmpeg-4-libavcodec-devel-4.4-150400.3.24.1
* libavdevice58_13-4.4-150400.3.24.1
* libswscale5_9-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-libavformat-devel-4.4-150400.3.24.1
* ffmpeg-4-libswscale-devel-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libavfilter7_110-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* ffmpeg-4-4.4-150400.3.24.1
* libavdevice58_13-debuginfo-4.4-150400.3.24.1
* libavresample4_0-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* libavresample4_0-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libavfilter7_110-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* ffmpeg-4-libpostproc-devel-4.4-150400.3.24.1
* openSUSE Leap 15.5 (x86_64)
* libavcodec58_134-32bit-4.4-150400.3.24.1
* libavdevice58_13-32bit-4.4-150400.3.24.1
* libavutil56_70-32bit-4.4-150400.3.24.1
* libswscale5_9-32bit-4.4-150400.3.24.1
* libswscale5_9-32bit-debuginfo-4.4-150400.3.24.1
* libavfilter7_110-32bit-debuginfo-4.4-150400.3.24.1
* libavformat58_76-32bit-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-32bit-4.4-150400.3.24.1
* libavfilter7_110-32bit-4.4-150400.3.24.1
* libavutil56_70-32bit-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-32bit-debuginfo-4.4-150400.3.24.1
* libavdevice58_13-32bit-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-32bit-debuginfo-4.4-150400.3.24.1
* libavformat58_76-32bit-4.4-150400.3.24.1
* libavresample4_0-32bit-debuginfo-4.4-150400.3.24.1
* libswresample3_9-32bit-debuginfo-4.4-150400.3.24.1
* libswresample3_9-32bit-4.4-150400.3.24.1
* libavresample4_0-32bit-4.4-150400.3.24.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* ffmpeg-4-libavutil-devel-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-libavfilter-devel-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libswscale5_9-4.4-150400.3.24.1
* ffmpeg-4-libswresample-devel-4.4-150400.3.24.1
* ffmpeg-4-private-devel-4.4-150400.3.24.1
* ffmpeg-4-libavdevice-devel-4.4-150400.3.24.1
* ffmpeg-4-libavresample-devel-4.4-150400.3.24.1
* ffmpeg-4-libavcodec-devel-4.4-150400.3.24.1
* libavdevice58_13-4.4-150400.3.24.1
* libswscale5_9-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-libavformat-devel-4.4-150400.3.24.1
* ffmpeg-4-libswscale-devel-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libavfilter7_110-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* ffmpeg-4-4.4-150400.3.24.1
* libavdevice58_13-debuginfo-4.4-150400.3.24.1
* libavresample4_0-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* libavresample4_0-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libavfilter7_110-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* ffmpeg-4-libpostproc-devel-4.4-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libswscale5_9-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libswscale5_9-debuginfo-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* ffmpeg-4-debugsource-4.4-150400.3.24.1
* ffmpeg-4-debuginfo-4.4-150400.3.24.1
* libswresample3_9-4.4-150400.3.24.1
* libavutil56_70-4.4-150400.3.24.1
* libpostproc55_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-debuginfo-4.4-150400.3.24.1
* libpostproc55_9-4.4-150400.3.24.1
* libavcodec58_134-4.4-150400.3.24.1
* libswresample3_9-debuginfo-4.4-150400.3.24.1
* libavformat58_76-4.4-150400.3.24.1
* libavutil56_70-debuginfo-4.4-150400.3.24.1
* libavcodec58_134-debuginfo-4.4-150400.3.24.1

## References:

* https://www.suse.com/security/cve/CVE-2023-49502.html
* https://www.suse.com/security/cve/CVE-2023-51793.html
* https://www.suse.com/security/cve/CVE-2024-31578.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223070
* https://bugzilla.suse.com/show_bug.cgi?id=1223235
* https://bugzilla.suse.com/show_bug.cgi?id=1223272



SUSE-SU-2024:1466-1: important: Security update for the Linux Kernel


# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2024:1466-1
Rating: important
References:

* bsc#1194869
* bsc#1200465
* bsc#1205316
* bsc#1207948
* bsc#1209635
* bsc#1209657
* bsc#1212514
* bsc#1213456
* bsc#1214852
* bsc#1215221
* bsc#1215322
* bsc#1217339
* bsc#1217829
* bsc#1217959
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218321
* bsc#1218336
* bsc#1218479
* bsc#1218562
* bsc#1218643
* bsc#1218777
* bsc#1219169
* bsc#1219170
* bsc#1219264
* bsc#1219834
* bsc#1220114
* bsc#1220176
* bsc#1220237
* bsc#1220251
* bsc#1220320
* bsc#1220325
* bsc#1220328
* bsc#1220337
* bsc#1220340
* bsc#1220365
* bsc#1220366
* bsc#1220398
* bsc#1220411
* bsc#1220413
* bsc#1220433
* bsc#1220439
* bsc#1220443
* bsc#1220445
* bsc#1220466
* bsc#1220469
* bsc#1220478
* bsc#1220482
* bsc#1220484
* bsc#1220486
* bsc#1220487
* bsc#1220492
* bsc#1220703
* bsc#1220735
* bsc#1220736
* bsc#1220775
* bsc#1220790
* bsc#1220797
* bsc#1220831
* bsc#1220833
* bsc#1220836
* bsc#1220839
* bsc#1220840
* bsc#1220843
* bsc#1220845
* bsc#1220848
* bsc#1220870
* bsc#1220871
* bsc#1220872
* bsc#1220878
* bsc#1220879
* bsc#1220883
* bsc#1220885
* bsc#1220887
* bsc#1220898
* bsc#1220917
* bsc#1220918
* bsc#1220920
* bsc#1220921
* bsc#1220926
* bsc#1220927
* bsc#1220929
* bsc#1220930
* bsc#1220931
* bsc#1220932
* bsc#1220933
* bsc#1220937
* bsc#1220938
* bsc#1220940
* bsc#1220954
* bsc#1220955
* bsc#1220959
* bsc#1220960
* bsc#1220961
* bsc#1220965
* bsc#1220969
* bsc#1220978
* bsc#1220979
* bsc#1220981
* bsc#1220982
* bsc#1220983
* bsc#1220985
* bsc#1220986
* bsc#1220987
* bsc#1220989
* bsc#1220990
* bsc#1221009
* bsc#1221012
* bsc#1221015
* bsc#1221022
* bsc#1221039
* bsc#1221040
* bsc#1221044
* bsc#1221045
* bsc#1221046
* bsc#1221048
* bsc#1221055
* bsc#1221056
* bsc#1221058
* bsc#1221060
* bsc#1221061
* bsc#1221062
* bsc#1221066
* bsc#1221067
* bsc#1221068
* bsc#1221069
* bsc#1221070
* bsc#1221071
* bsc#1221077
* bsc#1221082
* bsc#1221090
* bsc#1221097
* bsc#1221156
* bsc#1221252
* bsc#1221273
* bsc#1221274
* bsc#1221276
* bsc#1221277
* bsc#1221291
* bsc#1221293
* bsc#1221298
* bsc#1221337
* bsc#1221338
* bsc#1221375
* bsc#1221379
* bsc#1221551
* bsc#1221553
* bsc#1221613
* bsc#1221614
* bsc#1221616
* bsc#1221618
* bsc#1221631
* bsc#1221633
* bsc#1221713
* bsc#1221725
* bsc#1221777
* bsc#1221814
* bsc#1221816
* bsc#1221830
* bsc#1221951
* bsc#1222033
* bsc#1222056
* bsc#1222060
* bsc#1222070
* bsc#1222073
* bsc#1222117
* bsc#1222274
* bsc#1222291
* bsc#1222300
* bsc#1222304
* bsc#1222317
* bsc#1222331
* bsc#1222355
* bsc#1222356
* bsc#1222360
* bsc#1222366
* bsc#1222373
* bsc#1222619
* bsc#1222952
* jsc#PED-5759
* jsc#PED-7167
* jsc#PED-7618
* jsc#PED-7619

Cross-References:

* CVE-2021-46925
* CVE-2021-46926
* CVE-2021-46927
* CVE-2021-46929
* CVE-2021-46930
* CVE-2021-46931
* CVE-2021-46933
* CVE-2021-46934
* CVE-2021-46936
* CVE-2021-47082
* CVE-2021-47083
* CVE-2021-47087
* CVE-2021-47091
* CVE-2021-47093
* CVE-2021-47094
* CVE-2021-47095
* CVE-2021-47096
* CVE-2021-47097
* CVE-2021-47098
* CVE-2021-47099
* CVE-2021-47100
* CVE-2021-47101
* CVE-2021-47102
* CVE-2021-47104
* CVE-2021-47105
* CVE-2021-47107
* CVE-2021-47108
* CVE-2022-4744
* CVE-2022-48626
* CVE-2022-48627
* CVE-2022-48628
* CVE-2022-48629
* CVE-2022-48630
* CVE-2023-0160
* CVE-2023-28746
* CVE-2023-35827
* CVE-2023-4881
* CVE-2023-52447
* CVE-2023-52450
* CVE-2023-52453
* CVE-2023-52454
* CVE-2023-52462
* CVE-2023-52463
* CVE-2023-52467
* CVE-2023-52469
* CVE-2023-52470
* CVE-2023-52474
* CVE-2023-52476
* CVE-2023-52477
* CVE-2023-52481
* CVE-2023-52482
* CVE-2023-52484
* CVE-2023-52486
* CVE-2023-52492
* CVE-2023-52493
* CVE-2023-52494
* CVE-2023-52497
* CVE-2023-52500
* CVE-2023-52501
* CVE-2023-52502
* CVE-2023-52504
* CVE-2023-52507
* CVE-2023-52508
* CVE-2023-52509
* CVE-2023-52510
* CVE-2023-52511
* CVE-2023-52513
* CVE-2023-52515
* CVE-2023-52517
* CVE-2023-52518
* CVE-2023-52519
* CVE-2023-52520
* CVE-2023-52523
* CVE-2023-52524
* CVE-2023-52525
* CVE-2023-52528
* CVE-2023-52529
* CVE-2023-52530
* CVE-2023-52531
* CVE-2023-52532
* CVE-2023-52559
* CVE-2023-52563
* CVE-2023-52564
* CVE-2023-52566
* CVE-2023-52567
* CVE-2023-52569
* CVE-2023-52574
* CVE-2023-52575
* CVE-2023-52576
* CVE-2023-52582
* CVE-2023-52583
* CVE-2023-52587
* CVE-2023-52591
* CVE-2023-52594
* CVE-2023-52595
* CVE-2023-52597
* CVE-2023-52598
* CVE-2023-52599
* CVE-2023-52600
* CVE-2023-52601
* CVE-2023-52602
* CVE-2023-52603
* CVE-2023-52604
* CVE-2023-52605
* CVE-2023-52606
* CVE-2023-52607
* CVE-2023-52608
* CVE-2023-52612
* CVE-2023-52615
* CVE-2023-52617
* CVE-2023-52619
* CVE-2023-52621
* CVE-2023-52623
* CVE-2023-52628
* CVE-2023-52632
* CVE-2023-52637
* CVE-2023-52639
* CVE-2023-6270
* CVE-2023-6356
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-7042
* CVE-2023-7192
* CVE-2024-0841
* CVE-2024-2201
* CVE-2024-22099
* CVE-2024-23307
* CVE-2024-25739
* CVE-2024-25742
* CVE-2024-26599
* CVE-2024-26600
* CVE-2024-26602
* CVE-2024-26607
* CVE-2024-26612
* CVE-2024-26614
* CVE-2024-26620
* CVE-2024-26627
* CVE-2024-26629
* CVE-2024-26642
* CVE-2024-26645
* CVE-2024-26646
* CVE-2024-26651
* CVE-2024-26654
* CVE-2024-26659
* CVE-2024-26664
* CVE-2024-26667
* CVE-2024-26670
* CVE-2024-26695
* CVE-2024-26717

CVSS scores:

* CVE-2021-46925 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46925 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46926 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46927 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46927 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46929 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46929 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46930 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46933 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-46933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46934 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46934 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-46936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46936 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47082 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47083 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2021-47087 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47091 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47093 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47094 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47096 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47097 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47099 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47100 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47101 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47102 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47104 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47105 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47107 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47108 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48626 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48626 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48627 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48628 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2022-48629 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48630 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0160 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4881 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-4881 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-52447 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52447 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52450 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52450 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52454 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52462 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-52462 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-52463 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52463 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52467 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52467 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52469 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52469 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52470 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52470 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52474 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-52474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52476 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52477 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52482 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-52484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52486 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52493 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52494 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52497 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52500 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-52501 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52502 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52504 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52507 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-52508 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52509 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52510 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52511 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52513 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52515 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52517 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52518 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52519 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52520 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52524 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52525 ( SUSE ): 3.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-52528 ( SUSE ): 3.5 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52529 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52531 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52559 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52563 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52564 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52566 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52567 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-52569 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52574 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52575 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52576 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52582 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52587 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52594 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52595 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52597 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2023-52598 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52605 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52606 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52607 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52608 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52612 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52615 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52617 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52619 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52621 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52623 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52628 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52637 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52639 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-2201 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-22099 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-25739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25739 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25742 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26599 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-26599 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26600 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26602 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26602 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26607 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26612 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26627 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26629 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26642 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26646 ( SUSE ): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-26651 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26654 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26659 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26664 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26667 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26670 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26717 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5

An update that solves 149 vulnerabilities, contains four features and has 31
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security bugfixes.

NOTE: This update has been retracted due to a bug in the BHI CPU sidechannel
mitigation, which led to incorrect selection of other CPU mitigations.

The following security bugs were fixed:

* CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
* CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-
acpi (bsc#1220478).
* CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use
get_user_pages_unlocked() (bsc#1220443).
* CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump()
(bsc#1220482).
* CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
* CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq()
(bsc#1220486).
* CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
* CVE-2021-46934: Fixed a bug by validating user data in compat ioctl
(bsc#1220469).
* CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
* CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
* CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek:
(bsc#1220917).
* CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
* CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path
(bsc#1220959).
* CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core
(bsc#1220978).
* CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
* CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
* CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi
(bsc#1220981).
* CVE-2021-47097: Fixed stack out of bound access in
elantech_change_report_id() (bsc#1220982).
* CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations
hwmon: (lm90) (bsc#1220983).
* CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are
cloned (bsc#1220955).
* CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
* CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
* CVE-2021-47102: Fixed incorrect structure access In line: upper =
info->upper_dev in net/marvell/prestera (bsc#1221009).
* CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts()
(bsc#1220960).
* CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
* CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
* CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in
drm/mediatek (bsc#1220986).
* CVE-2022-4744: Fixed double-free that could lead to DoS or privilege
escalation in TUN/TAP device driver functionality (bsc#1209635).
* CVE-2022-48626: Fixed a potential use-after-free on remove path moxart
(bsc#1220366).
* CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer
(bsc#1220845).
* CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
* CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
* CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in
crypto: qcom-rng (bsc#1220990).
* CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to
potentially crash the system (bsc#1209657).
* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work()
(bsc#1212514).
* CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem
that could lead to potential information disclosure or a denial of service
(bsc#1215221).
* CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround
(bsc#1220251).
* CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology()
(bsc#1220237).
* CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
* CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU
length (bsc#1220320).
* CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer
(bsc#1220325).
* CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
* CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register
(bsc#1220433).
* CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table
(bsc#1220411).
* CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
* CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec
user SDMA requests (bsc#1220445).
* CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI
during vsyscall (bsc#1220703).
* CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors
(bsc#1220790).
* CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520
(bsc#1220887).
* CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors
(bsc#1220735).
* CVE-2023-52484: Fixed a soft lockup triggered by
arm_smmu_mm_invalidate_range (bsc#1220797).
* CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
* CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration
function __dma_async_device_channel_register() (bsc#1221276).
* CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
* CVE-2023-52494: Fixed missing alignment check for event ring read pointer in
bus/mhi/host (bsc#1221273).
* CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
* CVE-2023-52500: Fixed information leaking when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
* CVE-2023-52501: Fixed possible memory corruption in ring-buffer
(bsc#1220885).
* CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (bsc#1220831).
* CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a
5-level paging machine (bsc#1221553).
* CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
* CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid()
(bsc#1221015).
* CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work()
(bsc#1220836).
* CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
* CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
* CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
* CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
* CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO
drain in spi/sun6i (bsc#1221055).
* CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
* CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc
(bsc#1220920).
* CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi
(bsc#1220921).
* CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf
(bsc#1220926).
* CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
* CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet()
(bsc#1220840).
* CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg()
(bsc#1220843).
* CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
* CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211
(bsc#1220930).
* CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
* CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
* CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend
(bsc#1220933).
* CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson
(bsc#1220937).
* CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux()
(bsc#1220938).
* CVE-2023-52566: Fixed potential use after free in
nilfs_gccache_submit_read_data() (bsc#1220940).
* CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ
polling (irq = 0) (bsc#1220839).
* CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to
insert delayed dir index item (bsc#1220918).
* CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
* CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off
(bsc#1220871).
* CVE-2023-52576: Fixed potential use after free in memblock_isolate_range()
(bsc#1220872).
* CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
* CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph
(bsc#1221058).
* CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
* CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via
directory renaming (bsc#1221044).
* CVE-2023-52594: Fixed potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (bsc#1221045).
* CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
* CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
* CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace
(bsc#1221060).
* CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs
(bsc#1221062).
* CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
* CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs
(bsc#1221068).
* CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs
(bsc#1221070).
* CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot()
(bsc#1221066).
* CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree()
(bsc#1221067).
* CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
* CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib
(bsc#1221069).
* CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add
kasprintf() (bsc#1221061).
* CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi
(bsc#1221375).
* CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp
(bsc#1221616).
* CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
* CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove
(bsc#1221613).
* CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd
number in pstore/ram (bsc#1221618).
* CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
* CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
* CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
* CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd
(bsc#1222274).
* CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939
(bsc#1222291).
* CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed
(bsc#1222300).
* CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
(bsc#1218562).
* CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec
(bsc#1217987).
* CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request
(bsc#1217988).
* CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete
(bsc#1217989).
* CVE-2023-7042: Fixed a null-pointer-dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
* CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in
net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
* CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super
function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
* CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
* CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
(bsc#1219170).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1219169).
* CVE-2024-25739: Fixed possible crash in create_empty_lvol() in
drivers/mtd/ubi/vtbl.c (bsc#1219834).
* CVE-2024-25742: Fixed insufficient validation during #VC instruction
emulation in x86/sev (bsc#1221725).
* CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate()
(bsc#1220365).
* CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2
(bsc#1220340).
* CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
* CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
* CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences
(bsc#1221291).
* CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks
(bsc#1221293).
* CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap
(bsc#1221298).
* CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
* CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in
nfsd (bsc#1221379).
* CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter
nf_tables (bsc#1221830).
* CVE-2024-26645: Fixed missing visibility when inserting an element into
tracing_map (bsc#1222056).
* CVE-2024-26646: Fixed potential memory corruption when resuming from suspend
or hibernation in thermal/intel/hfi (bsc#1222070).
* CVE-2024-26651: Fixed possible oops via malicious devices in sr9800
(bsc#1221337).
* CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
* CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun
events in xhci (bsc#1222317).
* CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in
hwmon coretemp (bsc#1222355).
* CVE-2024-26667: Fixed null pointer reference in
dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
* CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in
kernel arm64 (bsc#1222356).
* CVE-2024-26695: Fixed null pointer dereference in
__sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
* CVE-2024-26717: Fixed null pointer dereference on failed power up in HID
i2c-hid-of (bsc#1222360).

The following non-security bugs were fixed:

* acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-
fixes).
* acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-
fixes).
* acpi: resource: Add Infinity laptops to irq1_edge_low_force_override
(stable-fixes).
* acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-
fixes).
* acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
* acpi: scan: Fix device check notification handling (git-fixes).
* acpica: debugger: check status of acpi_evaluate_object() in
acpi_db_walk_for_fields() (git-fixes).
* alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
* alsa: aoa: avoid false-positive format truncation warning (git-fixes).
* alsa: aw2: avoid casting function pointers (git-fixes).
* alsa: ctxfi: avoid casting function pointers (git-fixes).
* alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-
fixes).
* alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-
fixes).
* alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897
platform (git-fixes).
* alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
* alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with
microphone (git-fixes).
* alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
* alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
* alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
* alsa: seq: fix function cast warnings (git-fixes).
* alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
* alsa: usb-audio: Stop parsing channels bits when all channels are found
(git-fixes).
* arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
* arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
* arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-
fixes)
* arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
* arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
* arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
* arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
* arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
* arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
* arm64: mm: fix VA-range sanity check (git-fixes)
* arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
* asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
(stable-fixes).
* asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
* asoc: amd: acp: fix for acp_init function error handling (git-fixes).
* asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
* asoc: meson: Use dev_err_probe() helper (stable-fixes).
* asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
* asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
* asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
* asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
* asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
* asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
* asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
* asoc: rt5682-sdw: fix locking sequence (git-fixes).
* asoc: rt711-sdca: fix locking sequence (git-fixes).
* asoc: rt711-sdw: fix locking sequence (git-fixes).
* asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-
fixes).
* asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
* asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-
fixes).
* ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-
fixes).
* ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
* backlight: da9052: Fully initialize backlight_properties during probe (git-
fixes).
* backlight: lm3630a: Do not set bl->props.brightness in get_brightness (git-
fixes).
* backlight: lm3630a: Initialize backlight_properties on init (git-fixes).
* backlight: lm3639: Fully initialize backlight_properties during probe (git-
fixes).
* backlight: lp8788: Fully initialize backlight_properties during probe (git-
fixes).
* blocklayoutdriver: Fix reference leak of pnfs_device_node (git-fixes).
* bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
* bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
* bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
* bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
* bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-
fixes).
* bpf, scripts: Correct GPL license name (git-fixes).
* bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
* can: softing: remove redundant NULL check (git-fixes).
* clk: zynq: Prevent null pointer dereference caused by kmalloc failure (git-
fixes).
* comedi: comedi_test: Prevent timers rescheduling during deletion (git-
fixes).
* coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
* coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
* coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus
(bsc#1220775)
* cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf()
(git-fixes).
* cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
(git-fixes).
* crypto: arm/sha - fix function cast warnings (git-fixes).
* crypto: qat - avoid division by zero (git-fixes).
* crypto: qat - fix deadlock in backlog processing (git-fixes).
* crypto: qat - fix double free during reset (git-fixes).
* crypto: qat - fix state machines cleanup paths (bsc#1218321).
* crypto: qat - fix unregistration of compression algorithms (git-fixes).
* crypto: qat - fix unregistration of crypto algorithms (git-fixes).
* crypto: qat - ignore subsequent state up commands (git-fixes).
* crypto: qat - increase size of buffers (git-fixes).
* crypto: qat - resolve race condition during AER recovery (git-fixes).
* crypto: xilinx - call finalize with bh disabled (git-fixes).
* doc-guide: kernel-doc: tell about object-like macros (git-fixes).
* doc/README.SUSE: Update information about module support status
(jsc#PED-5759)
* drivers: hv: vmbus: Calculate ring buffer size for more efficient use of
memory (git-fixes).
* drm/amd/display: Add FAMS validation before trying to use it (git-fixes).
* drm/amd/display: Add function for validate and update new stream (git-
fixes).
* drm/amd/display: Avoid ABM when ODM combine is enabled for eDP (git-fixes).
* drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (git-
fixes).
* drm/amd/display: Check if link state is valid (git-fixes).
* drm/amd/display: Copy DC context in the commit streams (git-fixes).
* drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (git-fixes).
* drm/amd/display: Enable fast plane updates on DCN3.2 and above (git-fixes).
* drm/amd/display: Enable new commit sequence only for DCN32x (git-fixes).
* drm/amd/display: Exit idle optimizations before attempt to access PHY (git-
fixes).
* drm/amd/display: Expand kernel doc for DC (git-fixes).
* drm/amd/display: Fix a bug when searching for insert_above_mpcc (git-fixes).
* drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
(git-fixes).
* drm/amd/display: Fix possible underflow for displays with large vblank (git-
fixes).
* drm/amd/display: Fix the delta clamping for shaper LUT (git-fixes).
* drm/amd/display: Fix underflow issue on 175hz timing (git-fixes).
* drm/amd/display: For prefetch mode > 0, extend prefetch if possible (git-
fixes).
* drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family (git-
fixes).
* drm/amd/display: Guard against invalid RPTR/WPTR being set (git-fixes).
* drm/amd/display: Handle seamless boot stream (git-fixes).
* drm/amd/display: Handle virtual hardware detect (git-fixes).
* drm/amd/display: Include surface of unaffected streams (git-fixes).
* drm/amd/display: Include udelay when waiting for INBOX0 ACK (git-fixes).
* drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml
(git-fixes).
* drm/amd/display: Keep PHY active for dp config (git-fixes).
* drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
* drm/amd/display: Remove min_dst_y_next_start check for Z8 (git-fixes).
* drm/amd/display: Restore rptr/wptr for DMCUB as workaround (git-fixes).
* drm/amd/display: Return the correct HDCP error code (stable-fixes).
* drm/amd/display: Revert vblank change that causes null pointer crash (git-
fixes).
* drm/amd/display: Rework comments on dc file (git-fixes).
* drm/amd/display: Rework context change check (git-fixes).
* drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix (git-
fixes).
* drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt (git-
fixes).
* drm/amd/display: Update OTG instance in the commit stream (git-fixes).
* drm/amd/display: Update correct DCN314 register header (git-fixes).
* drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (git-
fixes).
* drm/amd/display: Use DRAM speed from validation for dummy p-state (git-
fixes).
* drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK (git-fixes).
* drm/amd/display: Use min transition for all SubVP plane add/remove (git-
fixes).
* drm/amd/display: Write to correct dirty_rect (git-fixes).
* drm/amd/display: Wrong colorimetry workaround (git-fixes).
* drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
* drm/amd/display: add ODM case when looking for first split pipe (git-fixes).
* drm/amd/display: always switch off ODM before committing more streams (git-
fixes).
* drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-
fixes).
* drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
* drm/amd/display: ensure async flips are only accepted for fast updates (git-
fixes).
* drm/amd/display: fix ABM disablement (git-fixes).
* drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer()
(git-fixes).
* drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
* drm/amd/display: fix hw rotated modes when PSR-SU is enabled (git-fixes).
* drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
* drm/amd/display: fix unbounded requesting for high pixel rate modes on
dcn315 (git-fixes).
* drm/amd/display: handle range offsets in VRR ranges (stable-fixes).
* drm/amd/display: perform a bounds check before filling dirty rectangles
(git-fixes).
* drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
* drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
* drm/amd/display: use low clocks for no plane configs (git-fixes).
* drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
* drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
* drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock
(git-fixes).
* drm/amd: Enable PCIe PME from D3 (git-fixes).
* drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes).
* drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
* drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
* drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
* drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-
fixes).
* drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
(git-fixes).
* drm/amdgpu: Force order between a read and write to the same address (git-
fixes).
* drm/amdgpu: Match against exact bootloader status (git-fixes).
* drm/amdgpu: Unset context priority is now invalid (git-fixes).
* drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
* drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
* drm/amdgpu: lower CS errors to debug severity (git-fixes).
* drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes).
* drm/bridge: tc358762: Instruct DSI host to generate HSE packets (git-fixes).
* drm/display: fix typo (git-fixes).
* drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
* drm/etnaviv: Restore some id values (git-fixes).
* drm/exynos: do not return negative values from .get_modes() (stable-fixes).
* drm/exynos: fix a possible null-pointer dereference due to data race in
exynos_drm_crtc_atomic_disable() (git-fixes).
* drm/i915/bios: Tolerate devdata==NULL in
intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
* drm/i915/gt: Do not generate the command streamer for all the CCS (git-
fixes).
* drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
* drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (git-fixes).
* drm/i915/selftests: Fix dependency of some timeouts on HZ (git-fixes).
* drm/i915: Add missing CCS documentation (git-fixes).
* drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled
(git-fixes).
* drm/i915: Check before removing mm notifier (git-fixes).
* drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
* drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
(git-fixes).
* drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (git-fixes).
* drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled (git-
fixes).
* drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
* drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN (git-fixes).
* drm/msm/dpu: improve DSC allocation (git-fixes).
* drm/panel-edp: use put_sync in unprepare (git-fixes).
* drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple (git-
fixes).
* drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (git-fixes).
* drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (git-fixes).
* drm/panel: do not return negative error codes from drm_panel_get_modes()
(stable-fixes).
* drm/panfrost: fix power transition timeout warnings (git-fixes).
* drm/probe-helper: warn about negative .get_modes() (stable-fixes).
* drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-
fixes).
* drm/qxl: remove unused variable from `qxl_process_single_command()` (git-
fixes).
* drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (git-
fixes).
* drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
* drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
* drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (git-fixes).
* drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
* drm/rockchip: lvds: do not overwrite error code (git-fixes).
* drm/rockchip: lvds: do not print scary message when probing defer (git-
fixes).
* drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (git-
fixes).
* drm/tegra: dsi: Add missing check for of_find_device_by_node (git-fixes).
* drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path
of tegra_dsi_probe() (git-fixes).
* drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (git-
fixes).
* drm/tegra: dsi: Make use of the helper function dev_err_probe() (stable-
fixes).
* drm/tegra: hdmi: Convert to devm_platform_ioremap_resource() (stable-fixes).
* drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() (git-
fixes).
* drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths
of tegra_output_probe() (git-fixes).
* drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
* drm/tegra: rgb: Fix missing clk_put() in the error handling paths of
tegra_dc_rgb_probe() (git-fixes).
* drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (git-
fixes).
* drm/tidss: Fix initial plane zpos values (git-fixes).
* drm/tidss: Fix sync-lost issue with two displays (git-fixes).
* drm/ttm: Do not leak a resource on eviction error (git-fixes).
* drm/ttm: Do not print error message if eviction was interrupted (git-fixes).
* drm/vc4: Add module dependency on hdmi-codec (git-fixes).
* drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-
fixes).
* drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (git-
fixes).
* drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
* drm: Do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
* drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
* drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
(git-fixes).
* firewire: core: use long bus reset on gap count error (stable-fixes).
* fix "coresight: etm4x: Change etm4_platform_driver driver for MMIO devices"
(bsc#1220775) Hunk with clk_put(drvdata->pclk) was incorrectly moved to
another function.
* hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
* hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
* hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-
fixes).
* hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (git-
fixes).
* hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (git-
fixes).
* hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (git-
fixes).
* i2c: aspeed: Fix the dummy irq expected print (git-fixes).
* i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (git-
fixes).
* i2c: wmt: Fix an error handling path in wmt_i2c_probe() (git-fixes).
* ib/ipoib: Fix mcast list locking (git-fixes)
* iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
* iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
* input: gpio_keys_polled - suppress deferred probe error for gpio (stable-
fixes).
* input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
* input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
* input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
* input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
* input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
* input: pm8941-pwrkey - add software key press debouncing support (git-
fixes).
* input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
* input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
* input: xpad - add Lenovo Legion Go controllers (git-fixes).
* iommu/amd: Mark interrupt as managed (git-fixes).
* iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes).
* iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (git-
fixes).
* iommu/mediatek: Fix forever loop in error handling (git-fixes).
* iommu/vt-d: Allow to use flush-queue when first level is default (git-
fixes).
* iommu/vt-d: Do not issue ATS Invalidation request when device is
disconnected (git-fixes).
* iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
* iommu/vt-d: Set No Execute Enable bit in PASID table entry (git-fixes).
* kabi: PCI: Add locking to RMW PCI Express Capability Register accessors
(kabi).
* kconfig: fix infinite loop when expanding a macro at the end of file (git-
fixes).
* kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
* lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is
detected (git-commit).
* leds: aw2013: Unlock mutex before destroying it (git-fixes).
* lib/cmdline: Fix an invalid format specifier in an assertion msg (git-
fixes).
* make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
* md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
* md/raid5: release batch_last before waiting for another stripe_head (git-
fixes).
* md/raid6: use valid sector values to determine if an I/O should wait on the
reshape (git-fixes).
* md: Do not ignore suspended array in md_check_recovery() (git-fixes).
* md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
* md: Whenassemble the array, consult the superblock of the freshest device
(git-fixes).
* md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly()
(git-fixes).
* md: fix data corruption for raid456 when reshape restart while grow up (git-
fixes).
* md: introduce md_ro_state (git-fixes).
* media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
* media: edia: dvbdev: fix a use-after-free (git-fixes).
* media: em28xx: annotate unchecked call to media_device_register() (git-
fixes).
* media: go7007: add check of return value of go7007_read_addr() (git-fixes).
* media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
* media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
* media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
* media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
* media: pvrusb2: remove redundant NULL check (git-fixes).
* media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (git-
fixes).
* media: sun8i-di: Fix chroma difference threshold (git-fixes).
* media: sun8i-di: Fix coefficient writes (git-fixes).
* media: sun8i-di: Fix power on/off sequences (git-fixes).
* media: tc358743: register v4l2 async device only after successful setup
(git-fixes).
* media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
* media: usbtv: Remove useless locks in usbtv_video_free() (git-fixes).
* media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
* media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
* media: xc4000: Fix atomicity violation in xc4000_get_frequency (git-fixes).
* mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a
ref (git-fixes).
* mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
(git-fixes).
* mm,page_owner: Defer enablement of static branch (bsc#1222366).
* mm,page_owner: Fix accounting of pages when migrating (bsc#1222366).
* mm,page_owner: Fix printing of stack records (bsc#1222366).
* mm,page_owner: Fix refcount imbalance (bsc#1222366).
* mm,page_owner: Update metadata for tail pages (bsc#1222366).
* mm,page_owner: check for null stack_record before bumping its refcount
(bsc#1222366).
* mm,page_owner: drop unnecessary check (bsc#1222366).
* mm,page_owner: fix recursion (bsc#1222366).
* mm/vmalloc: huge vmalloc backing pages should be split rather than compound
(bsc#1217829).
* mmc: core: Avoid negative index with array access (git-fixes).
* mmc: core: Fix switch on gp3 partition (git-fixes).
* mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
* mmc: mmci: stm32: fix DMA API overlapping mappings warning (git-fixes).
* mmc: mmci: stm32: use a buffer for unaligned DMA requests (git-fixes).
* mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
* mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove
function (git-fixes).
* mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
* mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
* mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
* net/bnx2x: Prevent access to a freed page in page_pool (bsc#1215322).
* net/x25: fix incorrect parameter validation in the x25_getsockopt() function
(git-fixes).
* net: Fix features skip in for_each_netdev_feature() (git-fixes).
* net: lan78xx: fix runtime PM count underflow on link stop (git-fixes).
* net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
* net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
* net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
* net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
* net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
* nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
* nfs: fix an off by one in root_nfs_cat() (git-fixes).
* nfs: rename nfs_client_kset to nfs_kset (git-fixes).
* nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
* nfsd: convert the callback workqueue to use delayed_work (git-fixes).
* nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
* nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
* nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
* nfsd: fix file memleak on client_opens_release (git-fixes).
* nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
* nfsd: lock_rename() needs both directories to live on the same fs (git-
fixes).
* nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-
fixes).
* nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
* nfsd: retransmit callbacks after client reconnects (git-fixes).
* nfsd: use vfs setgid helper (git-fixes).
* nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
* nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
* nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
* nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
* nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
* nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
* nfsv4.2: fix wrong shrinker_id (git-fixes).
* nfsv4: fix a nfs4_state_manager() race (git-fixes).
* nfsv4: fix a state manager thread deadlock regression (git-fixes).
* nilfs2: fix failure to detect DAT corruption in btree and direct mappings
(git-fixes).
* nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
* nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
* nouveau: reset the bo resource bus info after an eviction (git-fixes).
* ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
* nvme-fc: do not wait in vain when unloading module (git-fixes).
* nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
* nvmet-fc: abort command when there is no binding (git-fixes).
* nvmet-fc: avoid deadlock on delete association path (git-fixes).
* nvmet-fc: defer cleanup using RCU properly (git-fixes).
* nvmet-fc: hold reference on hostport match (git-fixes).
* nvmet-fc: release reference on target port (git-fixes).
* nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
* nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
* nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
* pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
* pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
* pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
* pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
* pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
* pci: add locking to RMW PCI Express Capability Register accessors (git-
fixes).
* pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
* pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
* pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-
fixes).
* pci: fu740: Set the number of MSI vectors (git-fixes).
* pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-
fixes).
* pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
* pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
* pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
* pci: mediatek: Clear interrupt status before dispatching handler (git-
fixes).
* pci: qcom: Enable BDF to SID translation properly (git-fixes).
* pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-
fixes).
* pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
* pci: rockchip: Fix window mapping and address translation for endpoint (git-
fixes).
* pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
* pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-
fixes).
* pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (git-
fixes).
* platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
* pm: suspend: Set mem_sleep_current during kernel command line setup (git-
fixes).
* pnfs/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats
(git-fixes).
* pnfs: Fix a hang in nfs4_evict_inode() (git-fixes).
* pnfs: Fix the pnfs block driver's calculation of layoutget size (git-fixes).
* powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
* powerpc/boot: Disable power10 features after BOOTAFLAGS assignment
(bsc#1194869).
* powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU
(bsc#1194869).
* powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses
(bsc#1194869).
* powerpc/lib/sstep: Remove unneeded #ifdef **powerpc64** (bsc#1194869).
* powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding
(bsc#1194869).
* powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
* powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
(bsc#1220492 ltc#205270).
* powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465
ltc#197256 jsc#SLE-18130 git-fixes).
* powerpc/sstep: Use bitwise instead of arithmetic operator for flags
(bsc#1194869).
* powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
* pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-
fixes).
* qedf: Do not process stag work during unload (bsc#1214852).
* qedf: Wait for stag work during unload (bsc#1214852).
* raid1: fix use-after-free for original bio in raid1_write_request()
(bsc#1221097).
* ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
* ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
* ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
* ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
* ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
* ras/amd/fmpm: Save SPA values (jsc#PED-7619).
* ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
* ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
* rdma/device: Fix a race between mad_client and cm_client init (git-fixes)
* rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
* rdma/ipoib: Fix error code return in ipoib_mcast_join (git-fixes)
* rdma/irdma: Remove duplicate assignment (git-fixes)
* rdma/mana_ib: Fix bug in creation of dma regions (git-fixes).
* rdma/mlx5: fix fortify source warning while accessing Eth segment (git-
fixes)
* rdma/mlx5: relax DEVX access upon modify commands (git-fixes)
* rdma/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-
fixes)
* rdma/srpt: do not register event handler until srpt device is fully setup
(git-fixes)
* revert "PCI: tegra194: Enable support for 256 Byte payload" (git-fixes).
* revert "Revert "drm/amdgpu/display: change pipe policy for DCN 2.0"" (git-
fixes).
* revert "SUNRPC dont update timeout value on connection reset" (git-fixes).
* revert "drm/amd: Disable PSR-SU on Parade 0803 TCON" (git-fixes).
* revert "drm/amd: Disable S/G for APUs when 64GB or more host memory" (git-
fixes).
* revert "drm/amdgpu/display: change pipe policy for DCN 2.0" (git-fixes).
* revert "drm/amdgpu/display: change pipe policy for DCN 2.1" (git-fixes).
* revert "drm/vc4: hdmi: Enforce the minimum rate at runtime_resume" (git-
fixes).
* revert "fbdev: flush deferred IO before closing (git-fixes)." (bsc#1221814)
* ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
* rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
* s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes
bsc#1221633).
* s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
* s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
* s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
* s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
* sched/rt: Disallow writing invalid values to sched_rt_period_us
(bsc#1220176).
* sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
(bsc#1220176).
* scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777).
* scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
* scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
* scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
* scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
* scsi: lpfc: Define types in a union for generic void *context3 ptr
(bsc#1221777).
* scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
(bsc#1221777).
* scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
(bsc#1221777).
* scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777
bsc#1217959).
* scsi: lpfc: Remove unnecessary log message in queuecommand path
(bsc#1221777).
* scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port()
(bsc#1221777).
* scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
* scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
* scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
* scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
* scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
* scsi: qedf: Remove unused declaration (bsc#1214852).
* scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
* scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
* scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
* scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
* scsi: qla2xxx: Fix double free of fcport (bsc1221816).
* scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
* scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
* scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
* scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
* scsi: qla2xxx: Update manufacturer detail (bsc1221816).
* scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
* scsi: storvsc: Fix ring buffer size calculation (git-fixes).
* scsi: target: core: Silence the message about unknown VPD pages
(bsc#1221252).
* selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
* serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
* serial: max310x: fix syntax error in IRQ error message (git-fixes).
* slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-
fixes).
* soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
* spi: lm70llp: fix links in doc and comments (git-fixes).
* spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
* sr9800: Add check for usbnet_get_endpoints (git-fixes).
* stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
* staging: vc04_services: fix information leak in create_component() (git-
fixes).
* sunrpc: Add an IS_ERR() check back to where it was (git-fixes).
* sunrpc: ECONNRESET might require a rebind (git-fixes).
* sunrpc: Fix RPC client cleaned up the freed pipefs dentries (git-fixes).
* sunrpc: Fix a suspicious RCU usage warning (git-fixes).
* sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
* sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
* svcrdma: Drop connection after an RDMA Read error (git-fixes).
* topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
* topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
* tracing/probes: Fix to show a parse error for bad type for $comm (git-
fixes).
* tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
* tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
* tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
* tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-
fixes).
* tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
* tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
* ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
* ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
* ubifs: Set page uptodate in the correct place (git-fixes).
* ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
* ubifs: fix sort function prototype (git-fixes).
* usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor
(git-fixes).
* usb: cdc-wdm: close race between read and workqueue (git-fixes).
* usb: core: Fix deadlock in usb_deauthorize_interface() (git-fixes).
* usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
* usb: dwc2: gadget: LPM flow fix (git-fixes).
* usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
* usb: dwc2: host: Fix hibernation flow (git-fixes).
* usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
* usb: dwc3: Properly set system wakeup (git-fixes).
* usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
* usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
* usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-
fixes).
* usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
* usb: port: Do not try to peer unused USB ports based on location (git-
fixes).
* usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
* usb: typec: ucsi: Check for notifications after init (git-fixes).
* usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
* usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
* usb: usb-storage: Prevent divide-by-0 error in isd200_ata_command (git-
fixes).
* usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
* vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
* vt: fix unicode buffer corruption when deleting characters (git-fixes).
* watchdog: stm32_iwdg: initialize default timeout (git-fixes).
* wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
* wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
* wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
* wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
(git-fixes).
* wifi: b43: Disable QoS for bcm4331 (git-fixes).
* wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-
fixes).
* wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-
fixes).
* wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-
fixes).
* wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-
fixes).
* wifi: brcmsmac: avoid function pointer casts (git-fixes).
* wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
* wifi: iwlwifi: fix EWRD table validity check (git-fixes).
* wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
* wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
* wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
* wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
* wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-
fixes).
* wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
* wifi: mwifiex: debugfs: Drop unnecessary error check for
debugfs_create_dir() (git-fixes).
* wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
* wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
* wifi: wilc1000: fix RCU usage in connect path (git-fixes).
* wifi: wilc1000: fix declarations ordering (stable-fixes).
* wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
* wifi: wilc1000: prevent use-after-free on vif when cleaning up all
interfaces (git-fixes).
* x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
* x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
* x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
* xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
* xhci: process isoc TD properly when there was a transaction error mid TD
(git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1466=1 openSUSE-SLE-15.5-2024-1466=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1466=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-1466=1

* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-1466=1

## Package List:

* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.47.1
* kernel-devel-rt-5.14.21-150500.13.47.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-1-150500.11.3.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.47.1
* kernel-rt-debugsource-5.14.21-150500.13.47.1
* cluster-md-kmp-rt-5.14.21-150500.13.47.1
* kernel-rt-livepatch-5.14.21-150500.13.47.1
* kernel-rt_debug-devel-5.14.21-150500.13.47.1
* kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-1-150500.11.3.1
* kernel-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.47.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.47.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.47.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt-optional-5.14.21-150500.13.47.1
* dlm-kmp-rt-5.14.21-150500.13.47.1
* kernel-rt-devel-5.14.21-150500.13.47.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.47.1
* ocfs2-kmp-rt-5.14.21-150500.13.47.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.47.1
* gfs2-kmp-rt-5.14.21-150500.13.47.1
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.47.1
* reiserfs-kmp-rt-5.14.21-150500.13.47.1
* kernel-livepatch-5_14_21-150500_13_47-rt-1-150500.11.3.1
* kernel-syms-rt-5.14.21-150500.13.47.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.47.1
* kernel-rt-vdso-5.14.21-150500.13.47.1
* kselftests-kmp-rt-5.14.21-150500.13.47.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-vdso-5.14.21-150500.13.47.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt-extra-5.14.21-150500.13.47.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.47.1
* kernel-rt_debug-5.14.21-150500.13.47.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.47.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debugsource-5.14.21-150500.13.47.1
* kernel-rt-debuginfo-5.14.21-150500.13.47.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.47.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-SLE15-SP5-RT_Update_13-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_13_47-rt-debuginfo-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_13_47-rt-1-150500.11.3.1
* SUSE Real Time Module 15-SP5 (x86_64)
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.47.1
* kernel-rt-debugsource-5.14.21-150500.13.47.1
* cluster-md-kmp-rt-5.14.21-150500.13.47.1
* kernel-rt_debug-devel-5.14.21-150500.13.47.1
* kernel-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.47.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.47.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* dlm-kmp-rt-5.14.21-150500.13.47.1
* kernel-rt-devel-5.14.21-150500.13.47.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.47.1
* ocfs2-kmp-rt-5.14.21-150500.13.47.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.47.1
* gfs2-kmp-rt-5.14.21-150500.13.47.1
* kernel-syms-rt-5.14.21-150500.13.47.1
* kernel-rt-vdso-5.14.21-150500.13.47.1
* kernel-rt_debug-vdso-5.14.21-150500.13.47.1
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.47.1
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-source-rt-5.14.21-150500.13.47.1
* kernel-devel-rt-5.14.21-150500.13.47.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.47.1
* kernel-rt_debug-5.14.21-150500.13.47.1

## References:

* https://www.suse.com/security/cve/CVE-2021-46925.html
* https://www.suse.com/security/cve/CVE-2021-46926.html
* https://www.suse.com/security/cve/CVE-2021-46927.html
* https://www.suse.com/security/cve/CVE-2021-46929.html
* https://www.suse.com/security/cve/CVE-2021-46930.html
* https://www.suse.com/security/cve/CVE-2021-46931.html
* https://www.suse.com/security/cve/CVE-2021-46933.html
* https://www.suse.com/security/cve/CVE-2021-46934.html
* https://www.suse.com/security/cve/CVE-2021-46936.html
* https://www.suse.com/security/cve/CVE-2021-47082.html
* https://www.suse.com/security/cve/CVE-2021-47083.html
* https://www.suse.com/security/cve/CVE-2021-47087.html
* https://www.suse.com/security/cve/CVE-2021-47091.html
* https://www.suse.com/security/cve/CVE-2021-47093.html
* https://www.suse.com/security/cve/CVE-2021-47094.html
* https://www.suse.com/security/cve/CVE-2021-47095.html
* https://www.suse.com/security/cve/CVE-2021-47096.html
* https://www.suse.com/security/cve/CVE-2021-47097.html
* https://www.suse.com/security/cve/CVE-2021-47098.html
* https://www.suse.com/security/cve/CVE-2021-47099.html
* https://www.suse.com/security/cve/CVE-2021-47100.html
* https://www.suse.com/security/cve/CVE-2021-47101.html
* https://www.suse.com/security/cve/CVE-2021-47102.html
* https://www.suse.com/security/cve/CVE-2021-47104.html
* https://www.suse.com/security/cve/CVE-2021-47105.html
* https://www.suse.com/security/cve/CVE-2021-47107.html
* https://www.suse.com/security/cve/CVE-2021-47108.html
* https://www.suse.com/security/cve/CVE-2022-4744.html
* https://www.suse.com/security/cve/CVE-2022-48626.html
* https://www.suse.com/security/cve/CVE-2022-48627.html
* https://www.suse.com/security/cve/CVE-2022-48628.html
* https://www.suse.com/security/cve/CVE-2022-48629.html
* https://www.suse.com/security/cve/CVE-2022-48630.html
* https://www.suse.com/security/cve/CVE-2023-0160.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-35827.html
* https://www.suse.com/security/cve/CVE-2023-4881.html
* https://www.suse.com/security/cve/CVE-2023-52447.html
* https://www.suse.com/security/cve/CVE-2023-52450.html
* https://www.suse.com/security/cve/CVE-2023-52453.html
* https://www.suse.com/security/cve/CVE-2023-52454.html
* https://www.suse.com/security/cve/CVE-2023-52462.html
* https://www.suse.com/security/cve/CVE-2023-52463.html
* https://www.suse.com/security/cve/CVE-2023-52467.html
* https://www.suse.com/security/cve/CVE-2023-52469.html
* https://www.suse.com/security/cve/CVE-2023-52470.html
* https://www.suse.com/security/cve/CVE-2023-52474.html
* https://www.suse.com/security/cve/CVE-2023-52476.html
* https://www.suse.com/security/cve/CVE-2023-52477.html
* https://www.suse.com/security/cve/CVE-2023-52481.html
* https://www.suse.com/security/cve/CVE-2023-52482.html
* https://www.suse.com/security/cve/CVE-2023-52484.html
* https://www.suse.com/security/cve/CVE-2023-52486.html
* https://www.suse.com/security/cve/CVE-2023-52492.html
* https://www.suse.com/security/cve/CVE-2023-52493.html
* https://www.suse.com/security/cve/CVE-2023-52494.html
* https://www.suse.com/security/cve/CVE-2023-52497.html
* https://www.suse.com/security/cve/CVE-2023-52500.html
* https://www.suse.com/security/cve/CVE-2023-52501.html
* https://www.suse.com/security/cve/CVE-2023-52502.html
* https://www.suse.com/security/cve/CVE-2023-52504.html
* https://www.suse.com/security/cve/CVE-2023-52507.html
* https://www.suse.com/security/cve/CVE-2023-52508.html
* https://www.suse.com/security/cve/CVE-2023-52509.html
* https://www.suse.com/security/cve/CVE-2023-52510.html
* https://www.suse.com/security/cve/CVE-2023-52511.html
* https://www.suse.com/security/cve/CVE-2023-52513.html
* https://www.suse.com/security/cve/CVE-2023-52515.html
* https://www.suse.com/security/cve/CVE-2023-52517.html
* https://www.suse.com/security/cve/CVE-2023-52518.html
* https://www.suse.com/security/cve/CVE-2023-52519.html
* https://www.suse.com/security/cve/CVE-2023-52520.html
* https://www.suse.com/security/cve/CVE-2023-52523.html
* https://www.suse.com/security/cve/CVE-2023-52524.html
* https://www.suse.com/security/cve/CVE-2023-52525.html
* https://www.suse.com/security/cve/CVE-2023-52528.html
* https://www.suse.com/security/cve/CVE-2023-52529.html
* https://www.suse.com/security/cve/CVE-2023-52530.html
* https://www.suse.com/security/cve/CVE-2023-52531.html
* https://www.suse.com/security/cve/CVE-2023-52532.html
* https://www.suse.com/security/cve/CVE-2023-52559.html
* https://www.suse.com/security/cve/CVE-2023-52563.html
* https://www.suse.com/security/cve/CVE-2023-52564.html
* https://www.suse.com/security/cve/CVE-2023-52566.html
* https://www.suse.com/security/cve/CVE-2023-52567.html
* https://www.suse.com/security/cve/CVE-2023-52569.html
* https://www.suse.com/security/cve/CVE-2023-52574.html
* https://www.suse.com/security/cve/CVE-2023-52575.html
* https://www.suse.com/security/cve/CVE-2023-52576.html
* https://www.suse.com/security/cve/CVE-2023-52582.html
* https://www.suse.com/security/cve/CVE-2023-52583.html
* https://www.suse.com/security/cve/CVE-2023-52587.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52594.html
* https://www.suse.com/security/cve/CVE-2023-52595.html
* https://www.suse.com/security/cve/CVE-2023-52597.html
* https://www.suse.com/security/cve/CVE-2023-52598.html
* https://www.suse.com/security/cve/CVE-2023-52599.html
* https://www.suse.com/security/cve/CVE-2023-52600.html
* https://www.suse.com/security/cve/CVE-2023-52601.html
* https://www.suse.com/security/cve/CVE-2023-52602.html
* https://www.suse.com/security/cve/CVE-2023-52603.html
* https://www.suse.com/security/cve/CVE-2023-52604.html
* https://www.suse.com/security/cve/CVE-2023-52605.html
* https://www.suse.com/security/cve/CVE-2023-52606.html
* https://www.suse.com/security/cve/CVE-2023-52607.html
* https://www.suse.com/security/cve/CVE-2023-52608.html
* https://www.suse.com/security/cve/CVE-2023-52612.html
* https://www.suse.com/security/cve/CVE-2023-52615.html
* https://www.suse.com/security/cve/CVE-2023-52617.html
* https://www.suse.com/security/cve/CVE-2023-52619.html
* https://www.suse.com/security/cve/CVE-2023-52621.html
* https://www.suse.com/security/cve/CVE-2023-52623.html
* https://www.suse.com/security/cve/CVE-2023-52628.html
* https://www.suse.com/security/cve/CVE-2023-52632.html
* https://www.suse.com/security/cve/CVE-2023-52637.html
* https://www.suse.com/security/cve/CVE-2023-52639.html
* https://www.suse.com/security/cve/CVE-2023-6270.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-7042.html
* https://www.suse.com/security/cve/CVE-2023-7192.html
* https://www.suse.com/security/cve/CVE-2024-0841.html
* https://www.suse.com/security/cve/CVE-2024-2201.html
* https://www.suse.com/security/cve/CVE-2024-22099.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-25739.html
* https://www.suse.com/security/cve/CVE-2024-25742.html
* https://www.suse.com/security/cve/CVE-2024-26599.html
* https://www.suse.com/security/cve/CVE-2024-26600.html
* https://www.suse.com/security/cve/CVE-2024-26602.html
* https://www.suse.com/security/cve/CVE-2024-26607.html
* https://www.suse.com/security/cve/CVE-2024-26612.html
* https://www.suse.com/security/cve/CVE-2024-26614.html
* https://www.suse.com/security/cve/CVE-2024-26620.html
* https://www.suse.com/security/cve/CVE-2024-26627.html
* https://www.suse.com/security/cve/CVE-2024-26629.html
* https://www.suse.com/security/cve/CVE-2024-26642.html
* https://www.suse.com/security/cve/CVE-2024-26645.html
* https://www.suse.com/security/cve/CVE-2024-26646.html
* https://www.suse.com/security/cve/CVE-2024-26651.html
* https://www.suse.com/security/cve/CVE-2024-26654.html
* https://www.suse.com/security/cve/CVE-2024-26659.html
* https://www.suse.com/security/cve/CVE-2024-26664.html
* https://www.suse.com/security/cve/CVE-2024-26667.html
* https://www.suse.com/security/cve/CVE-2024-26670.html
* https://www.suse.com/security/cve/CVE-2024-26695.html
* https://www.suse.com/security/cve/CVE-2024-26717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1200465
* https://bugzilla.suse.com/show_bug.cgi?id=1205316
* https://bugzilla.suse.com/show_bug.cgi?id=1207948
* https://bugzilla.suse.com/show_bug.cgi?id=1209635
* https://bugzilla.suse.com/show_bug.cgi?id=1209657
* https://bugzilla.suse.com/show_bug.cgi?id=1212514
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1214852
* https://bugzilla.suse.com/show_bug.cgi?id=1215221
* https://bugzilla.suse.com/show_bug.cgi?id=1215322
* https://bugzilla.suse.com/show_bug.cgi?id=1217339
* https://bugzilla.suse.com/show_bug.cgi?id=1217829
* https://bugzilla.suse.com/show_bug.cgi?id=1217959
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218321
* https://bugzilla.suse.com/show_bug.cgi?id=1218336
* https://bugzilla.suse.com/show_bug.cgi?id=1218479
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1218643
* https://bugzilla.suse.com/show_bug.cgi?id=1218777
* https://bugzilla.suse.com/show_bug.cgi?id=1219169
* https://bugzilla.suse.com/show_bug.cgi?id=1219170
* https://bugzilla.suse.com/show_bug.cgi?id=1219264
* https://bugzilla.suse.com/show_bug.cgi?id=1219834
* https://bugzilla.suse.com/show_bug.cgi?id=1220114
* https://bugzilla.suse.com/show_bug.cgi?id=1220176
* https://bugzilla.suse.com/show_bug.cgi?id=1220237
* https://bugzilla.suse.com/show_bug.cgi?id=1220251
* https://bugzilla.suse.com/show_bug.cgi?id=1220320
* https://bugzilla.suse.com/show_bug.cgi?id=1220325
* https://bugzilla.suse.com/show_bug.cgi?id=1220328
* https://bugzilla.suse.com/show_bug.cgi?id=1220337
* https://bugzilla.suse.com/show_bug.cgi?id=1220340
* https://bugzilla.suse.com/show_bug.cgi?id=1220365
* https://bugzilla.suse.com/show_bug.cgi?id=1220366
* https://bugzilla.suse.com/show_bug.cgi?id=1220398
* https://bugzilla.suse.com/show_bug.cgi?id=1220411
* https://bugzilla.suse.com/show_bug.cgi?id=1220413
* https://bugzilla.suse.com/show_bug.cgi?id=1220433
* https://bugzilla.suse.com/show_bug.cgi?id=1220439
* https://bugzilla.suse.com/show_bug.cgi?id=1220443
* https://bugzilla.suse.com/show_bug.cgi?id=1220445
* https://bugzilla.suse.com/show_bug.cgi?id=1220466
* https://bugzilla.suse.com/show_bug.cgi?id=1220469
* https://bugzilla.suse.com/show_bug.cgi?id=1220478
* https://bugzilla.suse.com/show_bug.cgi?id=1220482
* https://bugzilla.suse.com/show_bug.cgi?id=1220484
* https://bugzilla.suse.com/show_bug.cgi?id=1220486
* https://bugzilla.suse.com/show_bug.cgi?id=1220487
* https://bugzilla.suse.com/show_bug.cgi?id=1220492
* https://bugzilla.suse.com/show_bug.cgi?id=1220703
* https://bugzilla.suse.com/show_bug.cgi?id=1220735
* https://bugzilla.suse.com/show_bug.cgi?id=1220736
* https://bugzilla.suse.com/show_bug.cgi?id=1220775
* https://bugzilla.suse.com/show_bug.cgi?id=1220790
* https://bugzilla.suse.com/show_bug.cgi?id=1220797
* https://bugzilla.suse.com/show_bug.cgi?id=1220831
* https://bugzilla.suse.com/show_bug.cgi?id=1220833
* https://bugzilla.suse.com/show_bug.cgi?id=1220836
* https://bugzilla.suse.com/show_bug.cgi?id=1220839
* https://bugzilla.suse.com/show_bug.cgi?id=1220840
* https://bugzilla.suse.com/show_bug.cgi?id=1220843
* https://bugzilla.suse.com/show_bug.cgi?id=1220845
* https://bugzilla.suse.com/show_bug.cgi?id=1220848
* https://bugzilla.suse.com/show_bug.cgi?id=1220870
* https://bugzilla.suse.com/show_bug.cgi?id=1220871
* https://bugzilla.suse.com/show_bug.cgi?id=1220872
* https://bugzilla.suse.com/show_bug.cgi?id=1220878
* https://bugzilla.suse.com/show_bug.cgi?id=1220879
* https://bugzilla.suse.com/show_bug.cgi?id=1220883
* https://bugzilla.suse.com/show_bug.cgi?id=1220885
* https://bugzilla.suse.com/show_bug.cgi?id=1220887
* https://bugzilla.suse.com/show_bug.cgi?id=1220898
* https://bugzilla.suse.com/show_bug.cgi?id=1220917
* https://bugzilla.suse.com/show_bug.cgi?id=1220918
* https://bugzilla.suse.com/show_bug.cgi?id=1220920
* https://bugzilla.suse.com/show_bug.cgi?id=1220921
* https://bugzilla.suse.com/show_bug.cgi?id=1220926
* https://bugzilla.suse.com/show_bug.cgi?id=1220927
* https://bugzilla.suse.com/show_bug.cgi?id=1220929
* https://bugzilla.suse.com/show_bug.cgi?id=1220930
* https://bugzilla.suse.com/show_bug.cgi?id=1220931
* https://bugzilla.suse.com/show_bug.cgi?id=1220932
* https://bugzilla.suse.com/show_bug.cgi?id=1220933
* https://bugzilla.suse.com/show_bug.cgi?id=1220937
* https://bugzilla.suse.com/show_bug.cgi?id=1220938
* https://bugzilla.suse.com/show_bug.cgi?id=1220940
* https://bugzilla.suse.com/show_bug.cgi?id=1220954
* https://bugzilla.suse.com/show_bug.cgi?id=1220955
* https://bugzilla.suse.com/show_bug.cgi?id=1220959
* https://bugzilla.suse.com/show_bug.cgi?id=1220960
* https://bugzilla.suse.com/show_bug.cgi?id=1220961
* https://bugzilla.suse.com/show_bug.cgi?id=1220965
* https://bugzilla.suse.com/show_bug.cgi?id=1220969
* https://bugzilla.suse.com/show_bug.cgi?id=1220978
* https://bugzilla.suse.com/show_bug.cgi?id=1220979
* https://bugzilla.suse.com/show_bug.cgi?id=1220981
* https://bugzilla.suse.com/show_bug.cgi?id=1220982
* https://bugzilla.suse.com/show_bug.cgi?id=1220983
* https://bugzilla.suse.com/show_bug.cgi?id=1220985
* https://bugzilla.suse.com/show_bug.cgi?id=1220986
* https://bugzilla.suse.com/show_bug.cgi?id=1220987
* https://bugzilla.suse.com/show_bug.cgi?id=1220989
* https://bugzilla.suse.com/show_bug.cgi?id=1220990
* https://bugzilla.suse.com/show_bug.cgi?id=1221009
* https://bugzilla.suse.com/show_bug.cgi?id=1221012
* https://bugzilla.suse.com/show_bug.cgi?id=1221015
* https://bugzilla.suse.com/show_bug.cgi?id=1221022
* https://bugzilla.suse.com/show_bug.cgi?id=1221039
* https://bugzilla.suse.com/show_bug.cgi?id=1221040
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221045
* https://bugzilla.suse.com/show_bug.cgi?id=1221046
* https://bugzilla.suse.com/show_bug.cgi?id=1221048
* https://bugzilla.suse.com/show_bug.cgi?id=1221055
* https://bugzilla.suse.com/show_bug.cgi?id=1221056
* https://bugzilla.suse.com/show_bug.cgi?id=1221058
* https://bugzilla.suse.com/show_bug.cgi?id=1221060
* https://bugzilla.suse.com/show_bug.cgi?id=1221061
* https://bugzilla.suse.com/show_bug.cgi?id=1221062
* https://bugzilla.suse.com/show_bug.cgi?id=1221066
* https://bugzilla.suse.com/show_bug.cgi?id=1221067
* https://bugzilla.suse.com/show_bug.cgi?id=1221068
* https://bugzilla.suse.com/show_bug.cgi?id=1221069
* https://bugzilla.suse.com/show_bug.cgi?id=1221070
* https://bugzilla.suse.com/show_bug.cgi?id=1221071
* https://bugzilla.suse.com/show_bug.cgi?id=1221077
* https://bugzilla.suse.com/show_bug.cgi?id=1221082
* https://bugzilla.suse.com/show_bug.cgi?id=1221090
* https://bugzilla.suse.com/show_bug.cgi?id=1221097
* https://bugzilla.suse.com/show_bug.cgi?id=1221156
* https://bugzilla.suse.com/show_bug.cgi?id=1221252
* https://bugzilla.suse.com/show_bug.cgi?id=1221273
* https://bugzilla.suse.com/show_bug.cgi?id=1221274
* https://bugzilla.suse.com/show_bug.cgi?id=1221276
* https://bugzilla.suse.com/show_bug.cgi?id=1221277
* https://bugzilla.suse.com/show_bug.cgi?id=1221291
* https://bugzilla.suse.com/show_bug.cgi?id=1221293
* https://bugzilla.suse.com/show_bug.cgi?id=1221298
* https://bugzilla.suse.com/show_bug.cgi?id=1221337
* https://bugzilla.suse.com/show_bug.cgi?id=1221338
* https://bugzilla.suse.com/show_bug.cgi?id=1221375
* https://bugzilla.suse.com/show_bug.cgi?id=1221379
* https://bugzilla.suse.com/show_bug.cgi?id=1221551
* https://bugzilla.suse.com/show_bug.cgi?id=1221553
* https://bugzilla.suse.com/show_bug.cgi?id=1221613
* https://bugzilla.suse.com/show_bug.cgi?id=1221614
* https://bugzilla.suse.com/show_bug.cgi?id=1221616
* https://bugzilla.suse.com/show_bug.cgi?id=1221618
* https://bugzilla.suse.com/show_bug.cgi?id=1221631
* https://bugzilla.suse.com/show_bug.cgi?id=1221633
* https://bugzilla.suse.com/show_bug.cgi?id=1221713
* https://bugzilla.suse.com/show_bug.cgi?id=1221725
* https://bugzilla.suse.com/show_bug.cgi?id=1221777
* https://bugzilla.suse.com/show_bug.cgi?id=1221814
* https://bugzilla.suse.com/show_bug.cgi?id=1221816
* https://bugzilla.suse.com/show_bug.cgi?id=1221830
* https://bugzilla.suse.com/show_bug.cgi?id=1221951
* https://bugzilla.suse.com/show_bug.cgi?id=1222033
* https://bugzilla.suse.com/show_bug.cgi?id=1222056
* https://bugzilla.suse.com/show_bug.cgi?id=1222060
* https://bugzilla.suse.com/show_bug.cgi?id=1222070
* https://bugzilla.suse.com/show_bug.cgi?id=1222073
* https://bugzilla.suse.com/show_bug.cgi?id=1222117
* https://bugzilla.suse.com/show_bug.cgi?id=1222274
* https://bugzilla.suse.com/show_bug.cgi?id=1222291
* https://bugzilla.suse.com/show_bug.cgi?id=1222300
* https://bugzilla.suse.com/show_bug.cgi?id=1222304
* https://bugzilla.suse.com/show_bug.cgi?id=1222317
* https://bugzilla.suse.com/show_bug.cgi?id=1222331
* https://bugzilla.suse.com/show_bug.cgi?id=1222355
* https://bugzilla.suse.com/show_bug.cgi?id=1222356
* https://bugzilla.suse.com/show_bug.cgi?id=1222360
* https://bugzilla.suse.com/show_bug.cgi?id=1222366
* https://bugzilla.suse.com/show_bug.cgi?id=1222373
* https://bugzilla.suse.com/show_bug.cgi?id=1222619
* https://bugzilla.suse.com/show_bug.cgi?id=1222952
* https://jira.suse.com/browse/PED-5759
* https://jira.suse.com/browse/PED-7167
* https://jira.suse.com/browse/PED-7618
* https://jira.suse.com/browse/PED-7619



SUSE-SU-2024:1451-1: low: Security update for java-1_8_0-openjdk


# Security update for java-1_8_0-openjdk

Announcement ID: SUSE-SU-2024:1451-1
Rating: low
References:

* bsc#1213470
* bsc#1222979
* bsc#1222983
* bsc#1222984
* bsc#1222986

Cross-References:

* CVE-2024-21011
* CVE-2024-21068
* CVE-2024-21085
* CVE-2024-21094

CVSS scores:

* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21085 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for java-1_8_0-openjdk fixes the following issues:

* CVE-2024-21011: Fixed denial of service due to long Exception message
logging (JDK-8319851,bsc#1222979)
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(JDK-8322122,bsc#1222983)
* CVE-2024-21085: Fixed Pack200 excessive memory allocation
(JDK-8322114,bsc#1222984)
* CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation
failure with "Exceeded _node_regs array"
(JDK-8317507,JDK-8325348,bsc#1222986)

Other fixes: \- Update to version jdk8u412 (icedtea-3.31.0) (April 2024 CPU) *
Security fixes \+ JDK-8318340: Improve RSA key implementations * Import of
OpenJDK 8 u412 build 08 \+ JDK-8011180: Delete obsolete scripts \+ JDK-8016451:
Scary messages emitted by build.tools.generatenimbus.PainterGenerator during
build \+ JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris
under certain scenarios \+ JDK-8023735: [TESTBUG][macosx]
runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X \+ JDK-8074860:
Structured Exception Catcher missing around CreateJavaVM on Windows \+
JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test
[exit code: 1080890248]" (0x406d1388) \+ JDK-8155590: Dubious collection
management in sun.net.www.http.KeepAliveCache \+ JDK-8168518: rcache interop
with krb5-1.15 \+ JDK-8183503: Update hotspot tests to allow for unique test
classes directory \+ JDK-8186095: upgrade to jtreg 4.2 b08 \+ JDK-8186199:
[windows] JNI_DestroyJavaVM not covered by SEH \+ JDK-8192931: Regression test
java/awt/font/TextLayout/CombiningPerf.java fails \+ JDK-8208655: use JTreg
skipped status in hotspot tests \+ JDK-8208701: Fix for JDK-8208655 causes test
failures in CI tier1 \+ JDK-8208706: compiler/tiered/
/ConstantGettersTransitionsTest.java fails to compile \+ JDK-8213410:
UseCompressedOops requirement check fails fails on 32-bit system \+ JDK-8222323:
ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset
alwaysOnTop" \+ JDK-8224768: Test ActalisCA.java fails \+ JDK-8251155:
HostIdentifier fails to canonicalize hostnames starting with digits \+
JDK-8251551: Use .md filename extension for README \+ JDK-8268678:
LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired \+
JDK-8270280: security/infra/java/security/cert/
/CertPathValidator/certification/LetsEncryptCA.java OCSP response error \+
JDK-8270517: Add Zero support for LoongArch \+ JDK-8272708: [Test]: Cleanup:
test/jdk/security/infra/java/
/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs
ocspEnabled \+ JDK-8276139: TestJpsHostName.java not reliable, better to expand
HostIdentifierCreate.java test \+ JDK-8288132: Update test artifacts in QuoVadis
CA interop tests \+ JDK-8297955: LDAP CertStore should use LdapName and not
String for DNs \+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash \+ JDK-8308592: Framework for CA interoperability testing \+ JDK-8312126:
NullPointerException in CertStore.getCRLs after 8297955 \+ JDK-8315042: NPE in
PKCS7.parseOldSignedData \+ JDK-8315757: [8u] Add cacerts JTREG tests to GHA
tier1 test set \+ JDK-8320713: Bump update version of OpenJDK: 8u412 \+
JDK-8321060: [8u] hotspot needs to recognise VS2022 \+ JDK-8321408: Add
Certainly roots R1 and E1 \+ JDK-8322725: (tz) Update Timezone Data to 2023d \+
JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html" failed
because A blue ball icon is added outside of the system tray \+ JDK-8323202:
[8u] Remove get_source.sh and hgforest.sh \+ JDK-8323640:
[TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed \+
JDK-8324530: Build error with gcc 10 \+ JDK-8325150: (tz) Update Timezone Data
to 2024a * Bug fixes \+ Support make 4.4

* Do not recommend timezone-java8 (bsc#1213470)

* Use %patch -P N instead of deprecated %patchN.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1451=1

* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-1451=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1451=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1451=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1451=1

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1451=1

* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1451=1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1451=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1451=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1451=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1451=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1451=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-src-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-accessibility-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.412-150000.3.91.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-debugsource-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.412-150000.3.91.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.412-150000.3.91.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21085.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213470
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222984
* https://bugzilla.suse.com/show_bug.cgi?id=1222986



SUSE-SU-2024:1453-1: important: Security update for frr


# Security update for frr

Announcement ID: SUSE-SU-2024:1453-1
Rating: important
References:

* bsc#1220548
* bsc#1222518

Cross-References:

* CVE-2024-27913
* CVE-2024-31948

CVSS scores:

* CVE-2024-27913 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-31948 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for frr fixes the following issues:

* CVE-2024-27913: Fixed a denial of service issue via a malformed OSPF LSA
packet (bsc#1220548).
* CVE-2024-31948: Fixed denial of service due to malformed Prefix SID
attribute in BGP Update packet (bsc#1222518).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1453=1 openSUSE-SLE-15.5-2024-1453=1

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-1453=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libfrrfpm_pb0-debuginfo-8.4-150500.4.20.1
* libfrr0-8.4-150500.4.20.1
* frr-8.4-150500.4.20.1
* libfrrzmq0-debuginfo-8.4-150500.4.20.1
* libfrrsnmp0-debuginfo-8.4-150500.4.20.1
* libmlag_pb0-8.4-150500.4.20.1
* libmlag_pb0-debuginfo-8.4-150500.4.20.1
* libfrr_pb0-debuginfo-8.4-150500.4.20.1
* libfrrfpm_pb0-8.4-150500.4.20.1
* libfrrzmq0-8.4-150500.4.20.1
* libfrr0-debuginfo-8.4-150500.4.20.1
* frr-debugsource-8.4-150500.4.20.1
* libfrrcares0-debuginfo-8.4-150500.4.20.1
* frr-devel-8.4-150500.4.20.1
* libfrrospfapiclient0-8.4-150500.4.20.1
* libfrrcares0-8.4-150500.4.20.1
* libfrrospfapiclient0-debuginfo-8.4-150500.4.20.1
* libfrr_pb0-8.4-150500.4.20.1
* libfrrsnmp0-8.4-150500.4.20.1
* frr-debuginfo-8.4-150500.4.20.1
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libfrrfpm_pb0-debuginfo-8.4-150500.4.20.1
* libfrr0-8.4-150500.4.20.1
* frr-8.4-150500.4.20.1
* libfrrzmq0-debuginfo-8.4-150500.4.20.1
* libfrrsnmp0-debuginfo-8.4-150500.4.20.1
* libmlag_pb0-8.4-150500.4.20.1
* libmlag_pb0-debuginfo-8.4-150500.4.20.1
* libfrr_pb0-debuginfo-8.4-150500.4.20.1
* libfrrfpm_pb0-8.4-150500.4.20.1
* libfrrzmq0-8.4-150500.4.20.1
* libfrr0-debuginfo-8.4-150500.4.20.1
* frr-debugsource-8.4-150500.4.20.1
* libfrrcares0-debuginfo-8.4-150500.4.20.1
* frr-devel-8.4-150500.4.20.1
* libfrrospfapiclient0-8.4-150500.4.20.1
* libfrrcares0-8.4-150500.4.20.1
* libfrrospfapiclient0-debuginfo-8.4-150500.4.20.1
* libfrr_pb0-8.4-150500.4.20.1
* libfrrsnmp0-8.4-150500.4.20.1
* frr-debuginfo-8.4-150500.4.20.1

## References:

* https://www.suse.com/security/cve/CVE-2024-27913.html
* https://www.suse.com/security/cve/CVE-2024-31948.html
* https://bugzilla.suse.com/show_bug.cgi?id=1220548
* https://bugzilla.suse.com/show_bug.cgi?id=1222518



SUSE-SU-2024:1447-1: moderate: Security update for openCryptoki


# Security update for openCryptoki

Announcement ID: SUSE-SU-2024:1447-1
Rating: moderate
References:

* bsc#1219217
* jsc#PED-3360
* jsc#PED-3361

Cross-References:

* CVE-2024-0914

CVSS scores:

* CVE-2024-0914 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0914 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability and contains two features can now be
installed.

## Description:

This update for openCryptoki fixes the following issues:

Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)

* EP11: Add support for FIPS-session mode
* CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217)
* Bug fixes

* provide user(pkcs11) and group(pkcs11)

Upgrade to version 3.22 (jsc#PED-3361)

* CCA: Add support for the AES-XTS key type using CPACF protected keys
* p11sak: Add support for managing certificate objects
* p11sak: Add support for public sessions (no-login option)
* p11sak: Add support for logging in as SO (security Officer)
* p11sak: Add support for importing/exporting Edwards and Montgomery keys
* p11sak: Add support for importing of RSA-PSS keys and certificates
* CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are
different

Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)

* EP11 and CCA: Support concurrent HSM master key changes
* CCA: protected-key option
* pkcsslotd: no longer run as root user and further hardening
* p11sak: Add support for additional key types (DH, DSA, generic secret)
* p11sak: Allow wildcards in label filter
* p11sak: Allow to specify hex value for CKA_ID attribute
* p11sak: Support sorting when listing keys
* p11sak: New commands: set-key-attr, copy-key to modify and copy keys
* p11sak: New commands: import-key, export-key to import and export keys
* Remove support for --disable-locks (transactional memory)
* Updates to harden against RSA timing attacks
* Bug fixes

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-1447=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1447=1 openSUSE-SLE-15.5-2024-1447=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1447=1

## Package List:

* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* openCryptoki-debuginfo-3.23.0-150500.3.3.13
* openCryptoki-debugsource-3.23.0-150500.3.3.13
* openCryptoki-3.23.0-150500.3.3.13
* Server Applications Module 15-SP5 (ppc64le s390x)
* openCryptoki-64bit-debuginfo-3.23.0-150500.3.3.13
* openCryptoki-64bit-3.23.0-150500.3.3.13
* Server Applications Module 15-SP5 (ppc64le s390x x86_64)
* openCryptoki-devel-3.23.0-150500.3.3.13
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* openCryptoki-devel-debuginfo-3.23.0-150500.3.3.13
* openCryptoki-devel-3.23.0-150500.3.3.13
* openCryptoki-debugsource-3.23.0-150500.3.3.13
* openCryptoki-3.23.0-150500.3.3.13
* openCryptoki-debuginfo-3.23.0-150500.3.3.13
* openSUSE Leap 15.5 (i586)
* openCryptoki-32bit-debuginfo-3.23.0-150500.3.3.13
* openCryptoki-32bit-3.23.0-150500.3.3.13
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* openCryptoki-64bit-debuginfo-3.23.0-150500.3.3.13
* openCryptoki-64bit-3.23.0-150500.3.3.13
* SUSE Linux Enterprise Micro 5.5 (s390x)
* openCryptoki-debuginfo-3.23.0-150500.3.3.13
* openCryptoki-debugsource-3.23.0-150500.3.3.13
* openCryptoki-3.23.0-150500.3.3.13

## References:

* https://www.suse.com/security/cve/CVE-2024-0914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219217
* https://jira.suse.com/browse/PED-3360
* https://jira.suse.com/browse/PED-3361