The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information . - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init that could be used by a local attacker to escalate privileges . - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage . - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages . - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c . - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm . - CVE-2022-33981: Fixed use-after-free in floppy driver - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu . - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system . - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed . The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup . - ALSA: hda/realtek - Add HW8326 support . - ALSA: hda/realtek: Add quirk for Clevo PD70PNT . - ALSA: hda/realtek - ALC897 headset MIC no sound . - ALSA: hda/via: Fix missing beep setup . - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 - arm64: ftrace: fix branch range checks - ASoC: cs35l36: Update digital volume TLV . - ASoC: cs42l52: Correct TLV for Bypass Volume . - ASoC: cs42l52: Fix TLV scales for mixer controls . - ASoC: cs42l56: Correct typo in minimum level for SX volume controls . - ASoC: cs53l30: Correct number of volume levels on SX controls . - ASoC: es8328: Fix event generation for deemphasis control . - ASoC: nau8822: Add operation for internal PLL off and on . - ASoC: wm8962: Fix suspend while playing music . - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put . - ata: libata: add qc-greater than flags in ata_qc_complete_template tracepoint . - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo . - bcache: avoid journal no-space deadlock by reserving 1 journal bucket . - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate . - bcache: fixup multiple threads crash . - bcache: improve multithreaded bch_btree_check . - bcache: improve multithreaded bch_sectors_dirty_init . - bcache: memset on stack variables in bch_btree_check and bch_sectors_dirty_init . - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init . - bio: fix page leak bio_add_hw_page failure . - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats . - blk-iolatency: Fix inflight count imbalances and IO hangs on offline . - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED . - blk-mq: do not update io_ticks with passthrough requests . - blk-mq: drop workarounds for cpu hotplug queue management - blk-mq: update hctx-greater than dispatch_busy in case of real scheduler . - block: advance iov_iter on bio_add_hw_page failure . - block: do not merge across cgroup boundaries if blkcg is enabled . - block: Fix handling of offline queues in blk_mq_alloc_request_hctx . - block: Fix kABI in blk-merge.c . - block/keyslot-manager: prevent crash when num_slots=1 . - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove . - caif_virtio: fix race between virtio_device_ready and ndo_open . - ceph: add some lockdep assertions around snaprealm handling . - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm . - certs/blacklist_hashes.c: fix const confusion in certs blacklist . - cifs: add WARN_ON for when chan_count goes below minimum . - cifs: adjust DebugData to use chans_need_reconnect for conn status . - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty . - cifs: avoid parallel session setups on same channel . - cifs: avoid race during socket reconnect between send and recv . - cifs: call cifs_reconnect when a connection is marked . - cifs: call helper functions for marking channels for reconnect . - cifs: change smb2_query_info_compound to use a cached fid, if available . - cifs: check for smb1 in open_cached_dir . - cifs: check reconnects for channels of active tcons too . - cifs: Check the IOCB_DIRECT flag, not O_DIRECT . - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits . - cifs: clean up an inconsistent indenting . - cifs: destage any unwritten data to the server before calling copychunk_write . - cifs: do not build smb1ops if legacy support is disabled . - cifs: do not call cifs_dfs_query_info_nonascii_quirk if nodfs was set . - cifs: do not use tcpStatus after negotiate completes . - cifs: do not use uninitialized data in the owner/group sid . - cifs: fix confusing unneeded warning message on smb2.1 and earlier . - cifs: fix double free race when mount fails in cifs_get_root . - cifs: fix FILE_BOTH_DIRECTORY_INFO definition . - cifs: fix handlecache and multiuser . - cifs: fix hang on cifs_get_next_mid . - cifs: fix incorrect use of list iterator after the loop . - cifs: fix minor compile warning . - cifs: fix missed refcounting of ipc tcon . - cifs: fix ntlmssp auth when there is no key exchange . - cifs: fix NULL ptr dereference in refresh_mounts . - cifs: fix potential deadlock in direct reclaim . - cifs: fix potential double free during failed mount . - cifs: fix potential race with cifsd thread . - cifs: fix set of group SID via NTSD xattrs . - cifs: fix signed integer overflow when fl_end is OFFSET_MAX . - cifs: Fix smb311_update_preauth_hash kernel-doc comment . - cifs: fix the cifs_reconnect path for DFS . - cifs: fix the connection state transitions with multichannel . - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share . - cifs: fix workstation_name for multiuser mounts . - cifs: force new session setup and tcon for dfs . - cifs: free ntlmsspblob allocated in negotiate . - cifs: ignore resource_id while getting fscache super cookie . - cifs: maintain a state machine for tcp/smb/tcon sessions . - cifs: make status checks in version independent callers . - cifs: mark sessions for reconnection in helper function . - cifs: modefromsids must add an ACE for authenticated users . - cifs: move definition of cifs_fattr earlier in cifsglob.h . - cifs: move superblock magic defitions to magic.h . - cifs: potential buffer overflow in handling symlinks . - cifs: print TIDs as hex . - cifs: protect all accesses to chan_* with chan_lock . - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs . - cifs: reconnect only the connection and not smb session where possible . - cifs: release cached dentries only if mount is complete . - cifs: remove check of list iterator against head past the loop body . - cifs: remove redundant assignment to pointer p . - cifs: remove repeated debug message on cifs_put_smb_ses . - cifs: remove repeated state change in dfs tree connect . - cifs: remove unused variable ses_selected . - cifs: return ENOENT for DFS lookup_cache_entry . - cifs: return the more nuanced writeback error on close . - cifs: sanitize multiple delimiters in prepath . - cifs: serialize all mount attempts . - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir . - cifs: skip trailing separators of prefix paths . - cifs: smbd: fix typo in comment . - cifs: Split the smb3_add_credits tracepoint . - cifs: take cifs_tcp_ses_lock for status checks . - cifs: track individual channel status using chans_need_reconnect . - cifs: unlock chan_lock before calling cifs_put_tcp_session . - cifs: update internal module number . - cifs: update internal module number . - cifs: update tcpStatus during negotiate and sess setup . - cifs: use a different reconnect helper for non-cifsd threads . - cifs: use correct lock type in cifs_reconnect . - cifs: Use kzalloc instead of kmalloc/memset . - cifs: use new enum for ses_status . - cifs: use the chans_need_reconnect bitmap for reconnect status . - cifs: verify that tcon is valid before dereference in cifs_kill_sb . - cifs: version operations for smb20 unneeded when legacy support disabled . - cifs: wait for tcon resource_id before getting fscache super . - cifs: we do not need a spinlock around the tree access during umount . - cifs: when extending a file with falloc we should make files not-sparse . - drivers: cpufreq: Add missing of_node_put in qoriq-cpufreq.c . - drm/i915/reset: Fix error_state_read ptr + offset use . - drm/i915: Update TGL and RKL DMC firmware versions . - drm/msm: Fix double pm_runtime_disable call . - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf . - drm/sun4i: Fix crash during suspend after component bind failure . - exec: Force single empty string when argv is empty . - ext4: add check to prevent attempting to resize an fs with sparse_super2 . - ext4: fix bug_on ext4_mb_use_inode_pa . - ext4: fix bug_on in __es_tree_search . - ext4: fix race condition between ext4_write and ext4_convert_inline_data . - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole . - ext4: make variable 'count' signed . - Fix a warning about a malformed kernel doc comment in cifs . - fuse: annotate lock in fuse_reverse_inval_entry . - gpio: winbond: Fix error code in winbond_gpio_get . - gtp: use icmp_ndo_send helper . - hwmon: do not call platform_device_del if platform_device_add fails . - i2c: designware: Use standard optional ref clock implementation . - ibmvnic: Properly dispose of all skbs during a failover . - iio:accel:bma180: rearrange iio trigger get and register . - iio: accel: mma8452: ignore the return value of reset operation . - iio: adc: axp288: Override TS pin bias current for some models . - iio: adc: vf610: fix conversion mode sysfs node name . - iio:chemical:ccs811: rearrange iio trigger get and register . - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up . - iio: trigger: sysfs: fix use-after-free on remove . - init: Initialize noop_backing_dev_info early . - inotify: show inotify mask flags in proc fdinfo . - iomap: iomap_write_failed fix . - ipvs: add sysctl_run_estimation to support disable estimation . - jfs: fix divide error in dbNextAG . - kABI fix of sysctl_run_estimation . - kabi: nvme workaround header include . - kabi/severities: ignore KABI for NVMe target - linux/dim: Fix divide by 0 in RDMA DIM . - md: fix update super 1.0 on rdev size change . - move devm_allocate to end of structure for kABI . - mtd: rawnand: gpmi: Fix setting busy timeout setting . - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg . - net: ethernet: stmmac: Disable hardware multicast filter . - net: ieee802154: ca8210: Stop leaking skb"s . - net: lantiq: Add locking for TX DMA channel . - net: rose: fix UAF bugs caused by timer handler . - net: stmmac: reset Tx desc base address before restarting Tx . - net: usb: ax88179_178a: Fix packet receiving . - nfc: nfcmrvl: Fix irq_of_parse_and_map return value . - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred . - NFC: nxp-nci: Do not issue a zero length i2c_master_read . - NFS: Do not report EINTR/ERESTARTSYS as mapping errors . - NFS: Do not report errors from nfs_pageio_complete more than once . - NFS: Do not report flush errors in nfs_write_end . - NFS: Further fixes to the writeback error handling . - NFS: Memory allocation failures are not server fatal errors . - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout . - nvdimm: Fix firmware activation deadlock scenarios . - nvdimm/region: Fix default alignment for small regions . - nvme: add CNTRLTYPE definitions for "identify controller" . - nvme: Add connect option "discovery" . - nvme: add new discovery log page entry definitions . - nvme: display correct subsystem NQN . - nvme: expose subsystem type in sysfs attribute "subsystype" . - nvme: kabi fix nvme subsystype change - nvmet: add nvmet_is_disc_subsys helper . - nvmet: add nvmet_req_subsys helper . - nvme-tcp: fix H2CData PDU send accounting . - nvmet: do not check iosqes,iocqes for discovery controllers . - nvmet: fix freeing unallocated p2pmem . - nvmet: make discovery NQN configurable . - nvmet-rdma: Fix NULL deref when SEND is completed with error . - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY . - nvmet: register discovery subsystem as "current" . - nvmet: set "CNTRLTYPE" in the identify controller data . - nvmet: switch check for subsystem type . - phy: aquantia: Fix AN when higher speeds than 1G are not advertised . - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE . - powerpc/idle: Fix return value of __setup handler . - powerpc/perf: Fix the threshold compare group constraint for power9 . - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address . - random: Add and use pr_fmt . - random: remove unnecessary unlikely . - regmap-irq: Fix a bug in regmap_irq_enable for type_in_mask chips . - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' . - scsi: core: Show SCMD_LAST in text form . - scsi: ibmvfc: Allocate/free queue resource only during probe/remove . - scsi: ibmvfc: Store vhost pointer during subcrq allocation . - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds . - scsi: lpfc: Address NULL pointer dereference after starget_to_rport . - scsi: lpfc: Add support for ATTO Fibre Channel devices . - scsi: lpfc: Add support for VMID tagging of NVMe I/Os . - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion . - scsi: lpfc: Commonize VMID code location . - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event . - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology . - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted . - scsi: lpfc: Resolve some cleanup issues following abort path refactoring . - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring . - scsi: lpfc: Rework lpfc_vmid_get_appid to be protocol independent . - scsi: lpfc: Update lpfc version to 14.2.0.4 . - scsi: nvme: Added a new sysfs attribute appid_store . - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid . - scsi: qla2xxx: Add a new v2 dport diagnostic feature . - scsi: qla2xxx: Add debug prints in the device remove path . - scsi: qla2xxx: edif: Add bsg interface to read doorbell events . - scsi: qla2xxx: edif: Add retry for ELS passthrough . - scsi: qla2xxx: edif: bsg refactor . - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription . - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target . - scsi: qla2xxx: edif: Fix n2n login retry for secure device . - scsi: qla2xxx: edif: Fix no login after app start . - scsi: qla2xxx: edif: Fix no logout on delete for N2N . - scsi: qla2xxx: edif: Fix potential stuck session in sa update . - scsi: qla2xxx: edif: Fix session thrash . - scsi: qla2xxx: edif: Fix slow session teardown . - scsi: qla2xxx: edif: Reduce disruption due to multiple app start . - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing . - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time . - scsi: qla2xxx: edif: Remove old doorbell interface . - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message . - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application . - scsi: qla2xxx: edif: Tear down session if keys have been removed . - scsi: qla2xxx: edif: Wait for app to ack on sess down . - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts . - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection . - scsi: qla2xxx: Fix excessive I/O error messages by default . - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests . - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os . - scsi: qla2xxx: Fix losing target when it reappears during delete . - scsi: qla2xxx: Remove setting of "req" and "rsp" parameters . - scsi: qla2xxx: Remove unused "ql_dm_tgt_ex_pct" parameter . - scsi: qla2xxx: Turn off multi-queue for 8G adapters . - scsi: qla2xxx: Update version to 10.02.07.500-k . - scsi: qla2xxx: Update version to 10.02.07.600-k . - scsi: qla2xxx: Update version to 10.02.07.700-k . - scsi: qla2xxx: Wind down adapter after PCIe error . - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc . - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks . - scsi: sd: sd_zbc: Fix ZBC disk initialization . - scsi: sd: Signal drive managed SMR disks . - scsi: sd_zbc: Do not limit max_zone_append sectors to . - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE . - scsi: sd_zbc: Improve zone revalidation . - scsi: sd_zbc: Remove unused inline functions . - scsi: sd_zbc: Support disks with more than 2**32 logical . - scsi: smartpqi: create module parameters for LUN reset . - smb3: add mount parm nosparse . - smb3: add trace point for lease not found issue . - smb3: add trace point for oplock not found . - smb3: check for null tcon . - smb3: cleanup and clarify status of tree connections . - smb3: do not set rc when used and unneeded in query_info_compound . - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op . - smb3: fix incorrect session setup check for multiuser mounts . - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common . - smb3: fix snapshot mount option . - smb3 improve error message when mount options conflict with posix . - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common . - smb3: move defines for query info and query fsinfo to smbfs_common . - smb3: move more common protocol header definitions to smbfs_common . - smb3: send NTLMSSP version information . - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe . - spi: Fix use-after-free with devm_spi_alloc_* . - SUNRPC: Fix the calculation of xdr-greater than end in xdr_get_next_encode_buffer . - sunvnet: use icmp_ndo_send helper . - tty: goldfish: Fix free_irq on remove . - usb: chipidea: udc: check request status before setting device address . - usb: dwc2: Fix memory leak in dwc2_hcd_init . - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe . - usb: gadget: u_ether: fix regression in setting fixed MAC address . - usbnet: fix memory allocation in helpers . - USB: serial: io_ti: add Agilent E5805A support . - USB: serial: option: add Quectel EM05-G modem . - USB: serial: option: add Quectel RM500K module support . - USB: serial: option: add support for Cinterion MV31 with new baseline . - USB: serial: option: add Telit LE910Cx 0x1250 composition . - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC . - veth: fix races around rq-greater than rx_notify_masked . - virtio-mmio: fix missing put_device when vm_cmdline_parent registration failed . - virtio-net: fix race between ndo_open and virtio_device_ready . - virtio_net: fix xdp_rxq_info bug after suspend/resume . - virtio-pci: Remove wrong address verification in vp_del_vqs . - vmxnet3: fix minimum vectors alloc issue . - writeback: Avoid skipping inode writeback . - writeback: Fix inode-greater than i_io_list not be protected by inode-greater than i_lock error . - xhci: Add reset resume quirk for AMD xhci controller . - x86/entry: Remove skip_r11rcx . Special Instructions and Notes: Please reboot the system after installing this update.