The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation . - CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk . - CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation . - CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel allowed local users to cause a denial of service because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace . - CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function . - CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption - CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel"s garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4 . - CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks . - CVE-2021-45485: In the IPv6 implementation in net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn"t properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses . - CVE-2021-45486: In the IPv4 implementation in net/ipv4/route.c has an information leak because the hash table is very small . The following non-security bugs were fixed: - ACPI: APD: Check for NULL pointer after calling devm_ioremap . - ACPI: Add stubs for wakeup handler functions . - ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes . - ALSA: PCM: Add missing rwsem around snd_ctl_remove calls . - ALSA: ctl: Fix copy of updated id with element read/write . - ALSA: drivers: opl3: Fix incorrect use of vp-greater than state . - ALSA: hda/hdmi: Disable silent stream on GLK . - ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform . - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows . - ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED . - ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 . - ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 . - ALSA: hda/realtek: Fix quirk for Clevo NJ51CU . - ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 . - ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers . - ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ . - ALSA: hda: Add missing rwsem around snd_ctl_remove calls . - ALSA: hda: Make proper use of timecounter . - ALSA: jack: Add missing rwsem around snd_ctl_remove calls . - ALSA: jack: Check the return value of kstrdup . - ALSA: oss: fix compile error when OSS_DEBUG is enabled . - ALSA: pcm: oss: Fix negative period/buffer sizes . - ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params* . - ALSA: pcm: oss: Limit the period size to 16MB . - ALSA: usb-audio: Drop superfluous "0" in Presonus Studio 1810c"s ID . - ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk . - ASoC: codecs: wcd934x: handle channel mappping list correctly . - ASoC: codecs: wcd934x: return correct value from mixer put . - ASoC: codecs: wcd934x: return error code correctly from hw_params . - ASoC: codecs: wsa881x: fix return values from kcontrol put . - ASoC: cs42l42: Correct configuring of switch inversion from ts-inv . - ASoC: cs42l42: Disable regulators if probe fails . - ASoC: cs42l42: Use device_property API instead of of_property . - ASoC: fsl_asrc: refine the check of available clock divider . - ASoC: fsl_mqs: fix MODULE_ALIAS . - ASoC: mediatek: Check for error clk pointer . - ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s . - ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent . - ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer . - ASoC: rt5663: Handle device_property_read_u32_array error codes . - ASoC: samsung: idma: Check of ioremap return value . - ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked . - ASoC: sunxi: fix a sound binding broken reference . - ASoC: tegra: Fix kcontrol put callback in ADMAIF . - ASoC: tegra: Fix kcontrol put callback in AHUB . - ASoC: tegra: Fix kcontrol put callback in DMIC . - ASoC: tegra: Fix kcontrol put callback in DSPK . - ASoC: tegra: Fix kcontrol put callback in I2S . - ASoC: tegra: Fix wrong value type in ADMAIF . - ASoC: tegra: Fix wrong value type in DMIC . - ASoC: tegra: Fix wrong value type in DSPK . - ASoC: tegra: Fix wrong value type in I2S . - ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA . - Add cherry-picked IDs for qemu fw_cfg patches - Bluetooth: L2CAP: Fix using wrong mode . - Bluetooth: bfusb: fix division by zero in send path . - Bluetooth: btmtksdio: fix resume failure . - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb . - Bluetooth: cmtp: fix possible panic when cmtp_init_sockets fails . - Bluetooth: hci_bcm: Check for error irq . - Bluetooth: hci_qca: Stop IBS timer during BT OFF . - Bluetooth: stop proccessing malicious adv data . - Documentation: ACPI: Fix data node reference documentation . - Documentation: dmaengine: Correctly describe dmatest with channel unset . - Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization . - HID: add USB_HID dependancy to hid-chicony . - HID: add USB_HID dependancy to hid-prodikeys . - HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option . - HID: bigbenff: prevent null pointer dereference . - HID: google: add eel USB id . - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad . - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc . - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init . - HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init . - HID: quirks: Add quirk for the Microsoft Surface 3 type-cover . - Input: appletouch - initialize work before device registration . - Input: atmel_mxt_ts - fix double free in mxt_read_info_block . - Input: elantech - fix stack out of bound access in elantech_change_report_id . - Input: i8042 - add deferred probe support . - Input: i8042 - enable deferred probe quirk for ASUS UM325UA . - Input: max8925_onkey - do not mark comment as kernel-doc . - Input: spaceball - fix parsing of movement data packets . - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 . - Input: ti_am335x_tsc - set ADCREFM for X configuration . - Move upstreamed patches into sorted section - NFC: st21nfca: Fix memory leak in device probe and remove . - NFSD: Fix zero-length NFSv3 WRITEs . - NFSv42: Do not fail clone unless the OP_CLONE operation failed . - NFSv42: Fix pagecache invalidation after COPY/CLONE . - PCI/ACPI: Fix acpi_pci_osc_control_set kernel-doc comment . - PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error . - PCI/MSI: Fix pci_irq_vector/pci_irq_get_affinity . - PCI/MSI: Mask MSI-X vectors only on success . - PCI: cadence: Add cdns_plat_pcie_probe missing return . - PCI: dwc: Do not remap invalid res . - PCI: mvebu: Check for errors from pci_bridge_emul_init call . - PCI: mvebu: Do not modify PCI IO type bits in conf_write . - PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge . - PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge . - PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge . - PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space . - PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device . - PCI: pciehp: Fix infinite loop in IRQ handler upon power fault . - PCI: xgene: Fix IB window setup . - PM: runtime: Defer suspending suppliers . - PM: sleep: Do not assume that 'mem' is always present . - RDMA/hns: Replace kfree with kvfree . - Revert 'PM: sleep: Do not assume that 'mem' is always present' . - Revert 'USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set' . - Revert 'net/mlx5: Add retry mechanism to the command entry index allocation' . - USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status . - USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub . - USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher . - USB: cdc-acm: fix break reporting . - USB: cdc-acm: fix racy tty buffer accesses . - USB: chipidea: fix interrupt deadlock . - USB: core: Fix bug in resuming hub"s handling of wakeup requests . - USB: gadget: bRequestType is a bitfield, not a enum . - USB: gadget: detect too-big endpoint 0 requests . - USB: gadget: zero allocate endpoint 0 buffers . - USB: serial: cp210x: fix CP2105 GPIO registration . - USB: serial: option: add Telit FN990 compositions . - Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch . - Updated mpi3mr entry in supported.conf Moving this driver into the 'supported' package. - amd/display: downgrade validation failure log level . - ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile . - atlantic: Fix buff_ring OOB in aq_ring_rx_clean . - ax25: NPD bug when detaching AX25 device . - backlight: qcom-wled: Fix off-by-one maximum with default num_strings . - backlight: qcom-wled: Override default length with qcom,enabled-strings . - backlight: qcom-wled: Pass number of elements to read to read_u32_array . - backlight: qcom-wled: Validate enabled string indices in DT . - batman-adv: mcast: do not send link-local multicast to mcast routers . - blk-cgroup: synchronize blkg creation against policy deactivation . - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg . - block: fix ioprio_get vs setuid . - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data . - can: gs_usb: gs_can_start_xmit: zero-initialize hf-greater than {flags,reserved} . - can: kvaser_usb: get CAN clock frequency from device . - can: sja1000: fix use after free in ems_pcmcia_add_card . - can: softing: softing_startstop: fix set but not used variable warning . - can: softing_cs: softingcs_probe: fix memleak on registration failure . - can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv . - can: xilinx_can: xcan_probe: check for error irq . - char/mwave: Adjust io port register size . - clk: Do not parent clks until the parent is fully registered . - clk: Gemini: fix struct name in kernel-doc . - clk: bcm-2835: Pick the closest clock rate . - clk: bcm-2835: Remove rounding up the dividers . - clk: imx8mn: Fix imx8mn_clko1_sels . - clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 . - clk: qcom: gcc-msm8996: Drop gcc_aggre1_pnoc_ahb_clk . - clk: qcom: regmap-mux: fix parent clock lookup . - clk: stm32: Fix ltdc"s clock turn off by clk_disable_unused after system enter shell . - crypto: caam - replace this_cpu_ptr with raw_cpu_ptr . - crypto: mxs-dcp - Use sg_mapping_iter to copy data . - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop . - crypto: qat - do not ignore errors from enable_vf2pf_comms . - crypto: qat - fix reuse of completion variable . - crypto: qat - handle both source of interrupt in VF ISR . - crypto: qce - fix uaf on qce_ahash_register_one . - crypto: stm32/crc32 - Fix kernel BUG triggered in probe . - crypto: stm32/cryp - fix double pm exit . - crypto: stm32/cryp - fix lrw chaining mode . - crypto: stm32/cryp - fix xts and race condition in crypto_engine requests . - debugfs: lockdown: Allow reading debugfs files that are not world readable . - device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED . - dm crypt: document encrypted keyring key option . - dm writecache: add 'cleaner' and 'max_age' to Documentation . - dm writecache: advance the number of arguments when reporting max_age . - dm writecache: fix performance degradation in ssd mode . - dm writecache: flush origin device when writing and cache is full . - dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled . - dmaengine: at_xdmac: Do not start transactions at tx_submit level . - dmaengine: at_xdmac: Fix at_xdmac_lld struct definition . - dmaengine: at_xdmac: Fix concurrency over xfers_list . - dmaengine: at_xdmac: Fix lld view setting . - dmaengine: at_xdmac: Print debug message after realeasing the lock . - dmaengine: bestcomm: fix system boot lockups . - dmaengine: idxd: add module parameter to force disable of SVA . - dmaengine: idxd: enable SVA feature for IOMMU . - dmaengine: pxa/mmp: stop referencing config-greater than slave_id . - dmaengine: st_fdma: fix MODULE_ALIAS . - drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 . - drm/amd/display: Fix for the no Audio bug with Tiled Displays . - drm/amd/display: Update bounding box states . - drm/amd/display: Update number of DCN3 clock states . - drm/amd/display: add connector type check for CRC source set . - drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled . - drm/amd/display: fix incorrect CM/TF programming sequence in dwb . - drm/amd/display: fix missing writeback disablement if plane is removed . - drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode . - drm/amdgpu: Fix a printing message . - drm/amdgpu: Fix amdgpu_ras_eeprom_init . - drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE . - drm/amdgpu: revert 'Add autodump debugfs node for gpu reset v8' . - drm/amdkfd: Account for SH/SE count when setting up cu masks . - drm/amdkfd: Check for null pointer after calling kmemdup . - drm/ast: potential dereference of null pointer . - drm/atomic: Check new_crtc_state-greater than active to determine if CRTC needs disable in self refresh mode . - drm/bridge: analogix_dp: Make PSR-exit block less . - drm/bridge: display-connector: fix an uninitialized pointer in probe . - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit . - drm/bridge: ti-sn65dsi86: Set max register for regmap . - drm/display: fix possible null-pointer dereference in dcn10_set_clock . - drm/exynos: Always initialize mapping in exynos_drm_register_dma . - drm/i915/fb: Fix rounding error in subsampled plane size calculation . - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk . - drm/mediatek: Check plane visibility in atomic_update . - drm/msm/dpu: fix safe status debugfs file . - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 . - drm/msm/dsi: set default num_data_lanes . - drm/msm/mdp5: fix cursor-related warnings . - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit . - drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture . - drm/panel: innolux-p079zca: Delete panel on attach failure . - drm/panel: kingdisplay-kd097d04: Delete panel on attach failure . - drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms . - drm/rockchip: dsi: Disable PLL clock on bind error . - drm/rockchip: dsi: Fix unbalanced clock on probe error . - drm/rockchip: dsi: Hold pm-runtime across bind/unbind . - drm/rockchip: dsi: Reconfigure hardware on resume . - drm/sun4i: dw-hdmi: Fix missing put_device call in sun8i_hdmi_phy_get . - drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY . - drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence . - drm/tegra: vic: Fix DMA API misuse . - drm/vboxvideo: fix a NULL vs IS_ERR check . - drm/vc4: hdmi: Make sure the controller is powered up during bind . - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET . - drm/vc4: hdmi: Set a default HSM rate . - drm: fix null-ptr-deref in drm_dev_init_release . - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers . - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock . - eeprom: idt_89hpesx: Put fwnode in matching case during -greater than probe . - eeprom: idt_89hpesx: Restore printing the unsupported fwnode name . - ext4: Avoid trim error on fs with small groups . - ext4: fix lazy initialization next schedule time computation in more granular unit . - fget: clarify and improve __fget_files implementation . - firmware: Update Kconfig help text for Google firmware . - firmware: arm_scmi: pm: Propagate return value to caller . - firmware: arm_scpi: Fix string overflow in SCPI genpd driver . - firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available . - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries . - firmware: qemu_fw_cfg: fix kobject leak in probe error path . - firmware: qemu_fw_cfg: fix sysfs information leak . - firmware: raspberrypi: Fix a leak in "rpi_firmware_get" . - firmware: smccc: Fix check for ARCH_SOC_ID not implemented . - firmware: tegra: Fix error application of sizeof to pointer . - firmware: tegra: Reduce stack usage . - firmware_loader: fix pre-allocated buf built-in firmware use . - floppy: Fix hang in watchdog when disk is ejected . - flow_offload: return EOPNOTSUPP for the unsupported mpls action type . - fuse: Pass correct lend value to filemap_write_and_wait_range . - gpiolib: acpi: Make set-debounce-timeout failures non fatal . - gpu: host1x: Add back arm_iommu_detach_device . - hwmon: Add basic support for TI TMP461 . - hwmon: Add max6654 support to lm90 driver . - hwmon: Do not report "busy" status bit as alarm . - hwmon: Drop critical attribute support for MAX6654 . - hwmon: Fix usage of CONFIG2 register in detect function . - hwmon: Introduce flag indicating extended temperature support . - i2c: rk3x: Handle a spurious start completion interrupt flag . - i2c: validate user data in compat ioctl . - i3c: fix incorrect address slot lookup on 64-bit . - i3c: master: dw: check return of dw_i3c_master_get_free_pos . - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc . - i40e: Fix for displaying message regarding NVM version . - i40e: Fix incorrect netdev"s real number of RX/TX queues . - i40e: Fix to not show opcode msg on unsuccessful VF MAC change . - i40e: fix use-after-free in i40e_sync_filters_subtask . - iavf: Fix limit of total number of queues to active queues of VF . - iavf: restore MSI state on reset . - ieee802154: atusb: fix uninit value in atusb_set_extended_addr . - ieee802154: fix error return code in ieee802154_llsec_getparams . - ieee802154: fix error return code in ieee802154_add_iface . - ieee802154: hwsim: Fix memory leak in hwsim_add_one . - ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others . - ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl . - ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi . - igb: Fix removal of unicast MAC filters of VFs . - igbvf: fix double free in `igbvf_probe` . - igc: Fix typo in i225 LTR functions . - iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove . - iio: ad7768-1: Call iio_trigger_notify_done on error . - iio: adc: axp20x_adc: fix charging current reporting on AXP22x . - iio: at91-sama5d2: Fix incorrect sign extension . - iio: dln2-adc: Fix lockdep complaint . - iio: dln2: Check return value of devm_iio_trigger_register . - iio: itg3200: Call iio_trigger_notify_done on error . - iio: kxsd9: Do not return error code in trigger handler . - iio: ltr501: Do not return error code in trigger handler . - iio: mma8452: Fix trigger reference couting . - iio: stk3310: Do not return error code in interrupt handler . - iio: trigger: Fix reference counting . - iio: trigger: stm32-timer: fix MODULE_ALIAS . - ionic: Initialize the "lif-greater than dbid_inuse" bitmap . - isofs: Fix out of bound access for corrupted isofs image . - iwlwifi: fw: correctly limit to monitor dump . - iwlwifi: mvm: Fix scan channel flags settings . - iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing . - iwlwifi: mvm: avoid static queue number aliasing . - iwlwifi: mvm: disable RX-diversity in powersave . - iwlwifi: mvm: fix 32-bit build in FTM . - iwlwifi: mvm: fix access to BSS elements . - iwlwifi: mvm: test roc running status bits before removing the sta . - iwlwifi: pcie: free RBs during configure . - ixgbe: set X550 MDIO speed before talking to PHY . - kmod: make request_module return an error when autoloading is disabled . - kobject: Restore old behaviour of kobject_del . - kobject_uevent: remove warning in init_uevent_argv . - kprobes: Limit max data_size of the kretprobe instances . - libata: add horkage for ASMedia 1092 . - libata: if T_LENGTH is zero, dma direction should be DMA_NONE . - livepatch: Avoid CPU hogging with cond_resched . - lockdown: Allow unprivileged users to see lockdown status . - mISDN: change function names to avoid conflicts . - mac80211: Fix monitor MTU limit so that A-MSDUs get through . - mac80211: agg-tx: do not schedule_and_wake_txq under sta-greater than lock . - mac80211: do not access the IV when it was stripped . - mac80211: fix lookup when adding AddBA extension element . - mac80211: fix regression in SSN handling of addba tx . - mac80211: initialize variable have_higher_than_11mbit . - mac80211: mark TX-during-stop for TX in in_reconfig . - mac80211: send ADDBA requests using the tid/queue of the aggregation session . - mac80211: track only QoS data frames for admission control . - mac80211: validate extended element ID is present . - mailbox: hi3660: convert struct comments to kernel-doc notation . - media: Revert 'media: uvcvideo: Set unique vdev name based in type' . - media: aspeed: Update signal status immediately to ensure sane hw state . - media: aspeed: fix mode-detect always time out at 2nd run . - media: cpia2: fix control-message timeouts . - media: dib0700: fix undefined behavior in tuner shutdown . - media: dib8000: Fix a memleak in dib8000_init . - media: dmxdev: fix UAF when dvb_register_device fails . - media: dw2102: Fix use after free . - media: em28xx: fix control-message timeouts . - media: em28xx: fix memory leak in em28xx_init_dev . - media: flexcop-usb: fix control-message timeouts . - media: hantro: Fix probe func error path . - media: i2c: imx274: fix trivial typo expsoure/exposure . - media: i2c: imx274: fix trivial typo obainted/obtained . - media: imx-pxp: Initialize the spinlock prior to using it . - media: mceusb: fix control-message timeouts . - media: msi001: fix possible null-ptr-deref in msi001_probe . - media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released . - media: pvrusb2: fix control-message timeouts . - media: rcar-csi2: Correct the selection of hsfreqrange . - media: rcar-csi2: Optimize the selection PHTW register . - media: redrat3: fix control-message timeouts . - media: s2255: fix control-message timeouts . - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach . - media: si2157: Fix 'warm' tuner state detection . - media: si470x-i2c: fix possible memory leak in si470x_i2c_probe . - media: stk1160: fix control-message timeouts . - media: streamzap: remove unnecessary ir_raw_event_reset and handle . - media: uvcvideo: fix division by zero at stream start . - media: venus: core: Fix a resource leak in the error handling path of "venus_probe" . - memblock: ensure there is no overflow in memblock_overlaps_region . - memory: emif: Remove bogus debugfs error handling . - mfd: intel-lpss: Fix too early PM enablement in the ACPI -greater than probe . - misc: fastrpc: Add missing lock before accessing find_vma . - misc: fastrpc: fix improper packet size calculation . - misc: lattice-ecp3-config: Fix task hung when firmware load failed . - mmc: meson-mx-sdio: add IRQ check . - mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit . - mmc: sdhci-esdhc-imx: disable CMDQ support . - mmc: sdhci-pci: Add PCI ID for Intel ADL . - mmc: sdhci-tegra: Fix switch to HS400ES mode . - move to 'mainline soon' section: - patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch - moxart: fix potential use-after-free on remove path . - mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode . - mt76: mt7915: fix an off-by-one bound check . - mtd: rawnand: fsmc: Fix timing computation . - mtd: rawnand: fsmc: Take instruction delay into account . - mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip . - mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare . - mwifiex: Fix possible ABBA deadlock . - mwifiex: Try waking the firmware until we get an interrupt . - net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources . - net/mlx5: Set command entry semaphore up once got index free . - net/mlx5e: Fix wrong features assignment in case of error . - net/mlx5e: Wrap the tx reporter dump callback to extract the sq . - net/sched: fq_pie: prevent dismantle issue . - net/sched: sch_ets: do not remove idle classes from the round-robin list . - net: create netdev-greater than dev_addr assignment helpers . - net: ena: Fix error handling when calculating max IO queues number . - net: ena: Fix undefined state when tx request id is out of bounds . - net: ena: Fix wrong rx request id by resetting device . - net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg . - net: usb: lan78xx: add Allied Telesis AT29M2-AF . - net: usb: pegasus: Do not drop long Ethernet frames . - netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone . - nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done . - nfc: fix segfault in nfc_genl_dump_devices_done . - nfsd: Fix nsfd startup race . - nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups . - nvme-tcp: block BH in sk state_change sk callback . - nvme-tcp: can"t set sk_user_data without write_lock . - nvme-tcp: check sgl supported by target . - nvme-tcp: do not update queue count when failing to set io queues . - nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU . - nvme-tcp: fix crash triggered with a dataless request submission . - nvme-tcp: fix error codes in nvme_tcp_setup_ctrl . - nvme-tcp: fix io_work priority inversion . - nvme-tcp: fix possible data corruption with bio merges . - nvme-tcp: fix possible req-greater than offset corruption . - nvme-tcp: fix wrong setting of request iov_iter . - nvme-tcp: get rid of unused helper function . - nvme-tcp: pair send_mutex init with destroy . - nvme-tcp: pass multipage bvec to request iov_iter . - nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME . - pcmcia: fix setting of kthread task states . - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region . - pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region . - pcnet32: Use pci_resource_len to validate PCI resource . - pinctrl: mediatek: fix global-out-of-bounds issue . - pinctrl: qcom: spmi-gpio: correct parent irqspec translation . - pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines . - pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume . - pipe: increase minimum default pipe size to 2 pages . - platform/x86: apple-gmux: use resource_size with res . - platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep . - power: reset: ltc2952: Fix use of floating point literals . - power: supply: core: Break capacity loop . - power: supply: max17042_battery: Clear status bits in interrupt handler . - powerpc/64s: fix program check interrupt emergency stack path . - powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic . - powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC . - powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses . - powerpc/prom_init: Fix improper check of prom_getprop . - powerpc/pseries/cpuhp: cache node corrections . - powerpc/pseries/cpuhp: delete add/remove_by_count code . - powerpc/pseries/mobility: ignore ibm, platform-facilities updates . - powerpc/traps: do not enable irqs in _exception . - powerpc/xive: Add missing null check after calling kmalloc . - powerpc: add interrupt_cond_local_irq_enable helper . - powerpc: handle kdump appropriately with crash_kexec_post_notifiers option . - pwm: mxs: Do not modify HW state in .probe after the PWM chip was registered . - pwm: tiecap: Drop .free callback . - qlcnic: potential dereference null pointer of rx_queue-greater than page_ring . - quota: check block number when reading the block in quota file . - quota: correct error number in free_dqentry . - random: fix data race on crng init time . - random: fix data race on crng_node_pool . - regmap: Call regmap_debugfs_exit prior to _init . - rndis_host: support Hytera digital radios . - rpmsg: core: Clean up resources on announce_create failure . - rtl8xxxu: Fix the handling of TX A-MPDU aggregation . - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore with interrupts enabled . - rtw88: use read_poll_timeout instead of fixed sleep . - rtw88: wow: build wow function only if CONFIG_PM is on . - rtw88: wow: fix size access error of probe request . - sata: nv: fix debug format string mismatch . - scsi: lpfc: Add additional debugfs support for CMF . - scsi: lpfc: Adjust CMF total bytes and rxmonitor . - scsi: lpfc: Cap CMF read bytes to MBPI . - scsi: lpfc: Change return code on I/Os received during link bounce . - scsi: lpfc: Fix NPIV port deletion crash . - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV . - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance . - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup . - scsi: lpfc: Update lpfc version to 14.0.0.4 . - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id . - scsi: qla2xxx: Format log strings only if needed . - scsi: qla2xxx: edif: Fix EDIF bsg . - scsi: qla2xxx: edif: Fix app start delay . - scsi: qla2xxx: edif: Fix app start fail . - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo . - scsi: qla2xxx: edif: Flush stale events and msgs on session down . - scsi: qla2xxx: edif: Increase ELS payload . - select: Fix indefinitely sleeping task in poll_schedule_timeout . - selftests: KVM: Explicitly use movq to read xmm registers . - selinux: fix potential memleak in selinux_add_opt . - seq_buf: Fix overflow in seq_buf_putmem_hex . - seq_buf: Make trace_seq_putmem_hex support data longer than 8 . - serial: pl011: Add ACPI SBSA UART match id . - serial: tty: uartlite: fix console setup . - sfc: Check null pointer of rx_queue-greater than page_ring . - sfc: The RX page_ring is optional . - sfc: falcon: Check null pointer of rx_queue-greater than page_ring . - sfc_ef100: potential dereference of null pointer . - shmem: shmem_writepage split unlikely i915 THP . - slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew . - soc/tegra: fuse: Fix bitwise vs. logical OR warning . - soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read . - soc: fsl: dpio: rename the enqueue descriptor variable . - soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id . - soc: fsl: dpio: use an explicit NULL instead of 0 . - soc: fsl: dpio: use the combined functions to protect critical zone . - spi: change clk_disable_unprepare to clk_unprepare . - spi: spi-meson-spifc: Add missing pm_runtime_disable in meson_spifc_probe . - spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in . - staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent . - staging: fbtft: Do not spam logs when probe is deferred . - staging: fbtft: Rectify GPIO handling . - staging: fieldbus: anybuss: jump to correct label in an error path . - staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC . - staging: rtl8192e: return error code from rtllib_softmac_init . - staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib . - staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn . - string.h: fix incompatibility between FORTIFY_SOURCE and KASAN . - thermal/drivers/imx8mm: Enable ADC when enabling monitor . - thermal/drivers/int340x: Do not set a wrong tcc offset on resume . - thermal: core: Reset previous low and high trip during thermal zone init . - tpm: add request_locality before write TPM_INT_ENABLE . - tpm: fix potential NULL pointer access in tpm_del_char_device . - tracing/kprobes: "nmissed" not showed correctly for kretprobe . - tracing/uprobes: Check the return value of kstrdup for tu-greater than filename . - tracing: Add test for user space strings when filtering on string pointers . - tracing: Fix check for trace_percpu_buffer validity in get_trace_buf . - tty: max310x: fix flexible_array.cocci warnings . - tty: serial: atmel: Call dma_async_issue_pending . - tty: serial: atmel: Check return code of dmaengine_submit . - tty: serial: earlycon dependency . - tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup . - tty: serial: uartlite: allow 64 bit address . - tty: synclink_gt: rename a conflicting function name . - udf: Fix crash after seekdir . - uio: uio_dmem_genirq: Catch the Exception . - usb: core: config: fix validation of wMaxPacketValue entries . - usb: core: config: using bit mask instead of individual bits . - usb: dwc2: check return value after calling platform_get_resource . - usb: dwc3: gadget: Continue to process pending requests . - usb: dwc3: gadget: Ignore EP queue requests during bus reset . - usb: dwc3: gadget: Reclaim extra TRBs after request completion . - usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield . - usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression . - usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one . - usb: dwc3: ulpi: fix checkpatch warning . - usb: ftdi-elan: fix memory leak on device disconnect . - usb: gadget: composite: Allow bMaxPower=0 if self-powered . - usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear . - usb: gadget: u_ether: fix race in setting MAC address in setup phase . - usb: mtu3: add memory barrier before set GPD"s HWO . - usb: mtu3: fix interval value for intr and isoc . - usb: mtu3: fix list_head check warning . - usb: mtu3: set interval of FS intr and isoc endpoint . - usb: typec: tcpm: handle SRC_STARTUP state if cc changes . - usb: xhci: Extend support for runtime power management for AMD"s Yellow carp . - usermodehelper: reset umask to default before executing user process . - vfs: check fd has read access in kernel_read_file_from_fd . - video: backlight: Drop maximum brightness override for brightness zero . - watchdog: Fix OMAP watchdog early handling . - watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT . - wcn36xx: Fix missing frame timestamp for beacon/probe-resp . - wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND . - wcn36xx: Release DMA channel descriptor allocations . - wcn36xx: handle connection loss indication . - wireguard: allowedips: add missing __rcu annotation to satisfy sparse . - wireguard: device: reset peer src endpoint when netns exits . - wireguard: ratelimiter: use kvcalloc instead of kvzalloc . - wireguard: receive: drop handshakes if queue lock is contended . - wireguard: receive: use ring buffer for incoming handshakes . - wireguard: selftests: actually test for routing loops . - wireguard: selftests: increase default dmesg log size . - wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma . - x86/platform/uv: Add more to secondary CPU kdump info . - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set . - xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending . - xhci: avoid race between disable slot command and host runtime suspend . - xhci: fix unsafe memory usage in xhci tracing . Special Instructions and Notes: Please reboot the system after installing this update.