The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot . * CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. * CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes . * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak . * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink . * CVE-2017-5753: Fixed spectre vulnerability in prlimit . * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c . * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c . * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM . * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c . * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality . * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex . * CVE-2023-1582: Fixed soft lockup in __page_mapcount . * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact . * CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c . The following non-security bugs were fixed: * ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable . * alarmtimer: Prevent starvation by small intervals and SIG_IGN * ALSA: asihpi: check pao in control_message . * ALSA: hda: intel-dsp-config: add MTL PCI id . * ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set . * ALSA: hda/conexant: Partial revert of a quirk for Lenovo . * ALSA: hda/realtek: Add quirk for Clevo X370SNW . * ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z . * ALSA: hda/realtek: Add quirks for some Clevo laptops . * ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform . * ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook . * ALSA: hda/realtek: Fix support for Dell Precision 3260 . * ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro . * ALSA: usb-audio: Fix recursive locking at XRUN during syncing . * ALSA: usb-audio: Fix regression on detection of Roland VS-100 . * ALSA: ymfpci: Fix BUG_ON in probe function . * arch: fix broken BuildID for arm64 and riscv . * ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl . * ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl . * arm64: dts: freescale: Fix pca954x i2c-mux node names * arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name . * arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes . * arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property * arm64: dts: imx8mp: correct usb clocks * arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions * arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers * arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent . * arm64/cpufeature: Fix field sign for DIT hwcap detection * ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds . * atm: idt77252: fix kmemleak when rmmod idt77252 . * Bluetooth: btqcomsmd: Fix command timeout after setting BD address . * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work . * Bluetooth: L2CAP: Fix responding with wrong PDU type . * ca8210: fix mac_len negative array access . * ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx . * can: bcm: bcm_tx_setup: fix KMSAN uninit-value in vfs_write . * can: isotp: isotp_ops: fix poll to not report false EPOLLOUT events . * can: j1939: j1939_tp_tx_dat_new: fix out-of-bounds memory access . * cifs: append path to open_enter trace event . * cifs: avoid race conditions with parallel reconnects . * cifs: avoid races in parallel reconnects in smb1 . * cifs: check only tcon status on tcon related functions . * cifs: do not poll server interfaces too regularly . * cifs: double lock in cifs_reconnect_tcon . * cifs: dump pending mids for all channels in DebugData . * cifs: empty interface list when server does not support query interfaces . * cifs: fix dentry lookups in directory handle cache . * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL . * cifs: fix missing unload_nls in smb2_reconnect . * cifs: Fix smb2_set_path_size . * cifs: fix use-after-free bug in refresh_cache_worker . * cifs: generate signkey for the channel that"s reconnecting . * cifs: get rid of dead check in smb2_reconnect . * cifs: lock chan_lock outside match_session . * cifs: Move the in_send statistic to __smb_send_rqst . * cifs: prevent infinite recursion in CIFSGetDFSRefer . * cifs: print session id while listing open files . * cifs: return DFS root session id in DebugData . * cifs: set DFS root session in cifs_get_smb_ses . * cifs: use DFS root session instead of tcon ses . * clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown . * debugfs: add debugfs_lookup_and_remove . * drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES . * drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist . * drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub . * drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes . * drm/amdkfd: Fix an illegal memory access . * drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found . * drm/etnaviv: fix reference leak when mmaping imported buffer . * drm/i915: Do not use BAR mappings for ring buffers with LLC . * drm/i915: Do not use stolen memory for ring buffers with LLC . * drm/i915: Preserve crtc_state- greater than inherited during state clearing . * drm/i915: Remove unused bits of i915_vma/active api . * drm/i915/active: Fix missing debug object activation . * drm/i915/active: Fix misuse of non-idle barriers as fence trackers . * drm/i915/display: clean up comments . * drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled . * drm/i915/display/psr: Handle plane and pipe restrictions at every page flip . * drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area . * drm/i915/gt: perform uc late init after probe error injection . * drm/i915/psr: Use calculated io and fast wake lines . * drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state . * drm/panfrost: Fix the panfrost_mmu_map_fault_addr error path . * dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs . * efi: sysfb_efi: Fix DMI quirks not working for simpledrm . * fbdev: au1200fb: Fix potential divide by zero . * fbdev: intelfb: Fix potential divide by zero . * fbdev: lxfb: Fix potential divide by zero . * fbdev: nvidia: Fix potential divide by zero . * fbdev: stifb: Provide valid pixelclock and add fb_check_var checks . * fbdev: tgafb: Fix potential divide by zero . * firmware: arm_scmi: Fix device node validation for mailbox transport . * fotg210-udc: Add missing completion handler . * ftrace: Fix invalid address access in lookup_rec when index is 0 . * ftrace: Fix issue that "direct- greater than addr" not restored in modify_ftrace_direct . * ftrace: Mark get_lock_parent_ip __always_inline . * gpio: davinci: Add irq chip flag to skip set wake . * gpio: GPIO_REGMAP: select REGMAP instead of depending on it . * HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded . * HID: intel-ish-hid: ipc: Fix potential use-after-free in work function . * hwmon: fix potential sensor registration fail if of_node is missing . * i2c: hisi: Only use the completion interrupt to finish the transfer . * i2c: imx-lpi2c: check only for enabled interrupt flags . * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer . * iio: adc: ad7791: fix IRQ flags . * iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip . * iio: adis16480: select CONFIG_CRC32 . * iio: dac: cio-dac: Fix max DAC write value check for 12-bit . * iio: light: cm32181: Unregister second I2C client if present . * Input: alps - fix compatibility with -funsigned-char . * Input: focaltech - use explicitly signed char type . * Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table . * KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled . * kABI workaround for xhci . * kABI: x86/msr: Remove .fixup usage . * kconfig: Update config changed flag before calling callback . * keys: Do not cache key in task struct if key is requested from kernel thread . * KVM: x86: fix sending PV IPI . * KVM: x86: fix sending PV IPI . * lan78xx: Add missing return code checks . * lan78xx: Fix exception on link speed change . * lan78xx: Fix memory allocation bug . * lan78xx: Fix partial packet errors on suspend/resume . * lan78xx: Fix race condition in disconnect handling . * lan78xx: Fix race conditions in suspend/resume handling . * lan78xx: Fix white space and style issues . * lan78xx: Remove unused pause frame queue . * lan78xx: Remove unused timer . * lan78xx: Set flow control threshold to prevent packet loss . * lockd: set file_lock start and end when decoding nlm4 testargs . * locking/rwbase: Mitigate indefinite writer starvation . * mm: memcg: fix swapcached stat accounting . * mm: mmap: remove newline at the end of the trace . * mmc: atmel-mci: fix race between stop command and start of next command . * mtd: rawnand: meson: fix bitmask for length in command word . * mtd: rawnand: meson: invalidate cache on polling ECC bit . * mtd: rawnand: stm32_fmc2: remove unsupported EDO mode . * mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min . * mtdblock: tolerate corrected bit-flips . * net: asix: fix modprobe "sysfs: cannot create duplicate filename" . * net: mdio: thunder: Add missing fwnode_handle_put . * net: phy: dp83869: fix default value for tx-/rx-internal-delay . * net: phy: Ensure state transitions are processed from phy_stop . * net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit . * net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails . * net: qcom/emac: Fix use after free bug in emac_remove due to race condition . * net: usb: asix: remove redundant assignment to variable reg . * net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 . * net: usb: lan78xx: Limit packet length to skb- greater than len . * net: usb: qmi_wwan: add Telit 0x1080 composition . * net: usb: smsc75xx: Limit packet length to skb- greater than len . * net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull . * net: usb: smsc95xx: Limit packet length to skb- greater than len . * net: usb: use eth_hw_addr_set . * NFS: Fix an Oops in nfs_d_automount . * NFS: fix disabling of swap . * NFS4trace: fix state manager flag printing . * NFSD: fix handling of readdir in v4root vs. mount upcall timeout . * NFSD: fix leaked reference count of nfsd4_ssc_umount_item . * NFSD: fix problems with cleanup on errors in nfsd4_copy . * NFSD: fix race to check ls_layouts . * NFSD: fix use-after-free in nfsd4_ssc_setup_dul . * NFSD: Protect against filesystem freezing . * NFSD: shut down the NFSv4 state objects before the filecache . * NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure . * NFSD: zero out pointers after putting nfsd_files on COPY setup error . * NFSv4: Fix a credential leak in _nfs4_discover_trunking . * NFSv4: Fix a deadlock between nfs4_open_recover_helper and delegreturn . * NFSv4: Fix hangs when recovering open state after a server reboot . * NFSv4: keep state manager thread active if swap is enabled . * NFSv4: provide mount option to toggle trunking discovery . * NFSv4: Fix initialisation of struct nfs4_label . * NFSv4: Fail client initialisation if state manager thread can"t run . * nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy . * nilfs2: fix sysfs interface lifetime . * nvme-tcp: always fail a request when sending it failed . * PCI: hv: Add a per-bus mutex state_lock . * PCI: hv: fix a race condition bug in hv_pci_query_relations . * PCI: hv: Fix a race condition in hv_irq_unmask that can cause panic . * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev . * PCI: hv: Use async probing to reduce boot time . * PCI/DPC: Await readiness of secondary bus after reset . * pinctrl: amd: Disable and mask interrupts on resume . * pinctrl: at91-pio4: fix domain name assignment . * pinctrl: ocelot: Fix alt mode for ocelot . * platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl . * platform/x86: think-lmi: add debug_cmd . * platform/x86: think-lmi: add missing type attribute . * platform/x86: think-lmi: Add possible_values for ThinkStation . * platform/x86: think-lmi: Certificate authentication support . * platform/x86: think-lmi: certificate support clean ups . * platform/x86: think-lmi: Clean up display of current_value on Thinkstation . * platform/x86: think-lmi: Fix memory leak when showing current settings . * platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings . * platform/x86: think-lmi: Move kobject_init call into tlmi_create_auth . * platform/x86: think-lmi: only display possible_values if available . * platform/x86: think-lmi: Opcode support . * platform/x86: think-lmi: Prevent underflow in index_store . * platform/x86: think-lmi: Simplify tlmi_analyze error handling a bit . * platform/x86: think-lmi: use correct possible_values delimiters . * platform/x86: think-lmi: Use min_t for comparison and assignment . * platform/x86: thinkpad_acpi: Accept ibm_init_struct.init returning -ENODEV . * platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops . * platform/x86: thinkpad_acpi: Add dual fan probe . * platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g . * platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey helper . * platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs . * platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs . * platform/x86: thinkpad_acpi: Add PSC mode support . * platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan . * platform/x86: thinkpad_acpi: clean up dytc profile convert . * platform/x86: thinkpad_acpi: Cleanup dytc_profile_available . * platform/x86: thinkpad_acpi: consistently check fan_get_status return . * platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks . * platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups . * platform/x86: thinkpad_acpi: Correct dual fan probe . * platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms . * platform/x86: thinkpad_acpi: Do not use test_bit on an integer . * platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type . * platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup . * platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource . * platform/x86: thinkpad_acpi: Fix coccinelle warnings . * platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable . * platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms . * platform/x86: thinkpad_acpi: Fix max_brightness of thinklight . * platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode . * platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms . * platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models . * platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place . * platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting . * platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 . * platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once . * platform/x86: thinkpad_acpi: Make *_init functions return -ENODEV instead of 1 . * platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init . * platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init . * platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init . * platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag . * platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr . * platform/x86: thinkpad_acpi: Simplify dytc_version handling . * platform/x86: thinkpad_acpi: Switch to common use of attributes . * platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs . * platform/x86: thinkpad_acpi: Use backlight helper . * platform/x86: thinkpad_acpi: use strstarts . * platform/x86: thinkpad-acpi: Add support for automatic mode transitions . * platform/x86: thinkpad-acpi: Enable AMT by default on supported systems . * platform/x86: thinkpad-acpi: profile capabilities as integer . * platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix . * pNFS/filelayout: Fix coalescing test for single DS . * power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition . * powerpc: Remove linker flag from KBUILD_AFLAGS . * powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch . * powerpc/btext: add missing of_node_put . * powerpc/ioda/iommu/debugfs: Generate unique debugfs entries . * powerpc/iommu: Add missing of_node_put in iommu_init_early_dart . * powerpc/iommu: fix memory leak with using debugfs_lookup . * powerpc/kcsan: Exclude udelay to prevent recursive instrumentation . * powerpc/kexec_file: fix implicit decl error . * powerpc/powernv: fix missing of_node_put in uv_init . * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE . * powerpc/pseries/lpar: add missing RTAS retry status handling . * powerpc/pseries/lparcfg: add missing RTAS retry status handling . * powerpc/rtas: ensure 4KB alignment for rtas_data_buf . * powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT . * powerpc/vmlinux.lds: Do not discard .comment . * powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds . * powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds . * ppc64le: HWPOISON_INJECT=m . * pwm: cros-ec: Explicitly set .polarity in .get_state . * pwm: sprd: Explicitly set .polarity in .get_state . * r8169: fix RTL8168H and RTL8107E rx crc error . * rcu: Fix rcu_torture_read ftrace event . * regulator: Handle deferred clk . * ring-buffer: Fix race while reader and writer are on the same page . * ring-buffer: Handle race between rb_move_tail and rb_check_pages . * ring-buffer: remove obsolete comment for free_buffer_page . * rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. * s390/boot: simplify and fix kernel memory layout setup . * s390/dasd: fix no record found for raw_track_access . * s390/vfio-ap: fix memory leak in vfio_ap device driver . * sbitmap: Avoid lockups when waker gets preempted . * sched/psi: Fix use-after-free in ep_remove_wait_queue . * scsi: qla2xxx: Synchronize the IOCB count to be in order . * sctp: sctp_sock_filter: avoid list_entry on possibly empty list . * serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it . * serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED . * serial: fsl_lpuart: Fix comment typo . * smb3: fix unusable share after force unmount failure . * smb3: lower default deferred close timeout to address perf regression . * struct dwc3: mask new member . * SUNRPC: ensure the matching upcall is in-flight upon downcall . * SUNRPC: Fix a server shutdown leak . * SUNRPC: Fix missing release socket in rpc_sockname . * thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access . * thunderbolt: Call tb_check_quirks after initializing adapters . * thunderbolt: Disable interrupt auto clear for rings . * thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit . * thunderbolt: Use const qualifier for `ring_interrupt_index` . * thunderbolt: Use scale field when allocating USB3 bandwidth . * timers: Prevent union confusion from unexpected * trace/hwlat: Do not start per-cpu thread if it is already running . * trace/hwlat: Do not wipe the contents of per-cpu thread data . * trace/hwlat: make use of the helper function kthread_run_on_cpu . * tracing: Add NULL checks for buffer in ring_buffer_free_read_page . * tracing: Add trace_array_puts to write into instance . * tracing: Check field value in hist_field_name . * tracing: Do not let histogram values have some modifiers . * tracing: Fix wrong return in kprobe_event_gen_test.c . * tracing: Free error logs of tracing instances . * tracing: Have tracing_snapshot_instance_cond write errors to the appropriate instance . * tracing: Make splice_read available again . * tracing: Make tracepoint lockdep check actually test something . * tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr . * tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty . * tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted . * tty: serial: sh-sci: Fix Rx on RZ/G2L SCI . * tty: serial: sh-sci: Fix transmit end interrupt handler . * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 . * USB: cdns3: Fix issue with using incorrect PCI device function . * USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver . * USB: cdnsp: Fixes error: uninitialized symbol "len" . * USB: cdnsp: Fixes issue with redundant Status Stage . * USB: chipdea: core: fix return -EINVAL if request role is the same with current role . * USB: chipidea: fix memory leak with using debugfs_lookup . * USB: dwc2: fix a devres leak in hw_enable upon suspend resume . * USB: dwc3: Fix a typo in field name . * USB: dwc3: fix memory leak with using debugfs_lookup . * USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC . * USB: fix memory leak with using debugfs_lookup . * USB: fotg210: fix memory leak with using debugfs_lookup . * USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup . * USB: gadget: gr_udc: fix memory leak with using debugfs_lookup . * USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup . * USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup . * USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup . * USB: gadget: u_audio: do not let userspace block driver unbind . * USB: isp116x: fix memory leak with using debugfs_lookup . * USB: isp1362: fix memory leak with using debugfs_lookup . * USB: sl811: fix memory leak with using debugfs_lookup . * USB: typec: altmodes/displayport: Fix configure initial pin assignment . * USB: typec: tcpm: fix warning when handle discover_identity message . * USB: ucsi: Fix NULL pointer deref in ucsi_connector_change . * USB: ucsi: Fix ucsi- greater than connector race . * USB: uhci: fix memory leak with using debugfs_lookup . * USB: xhci: tegra: fix sleep in atomic call . * vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready . * wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta . * wifi: mac80211: fix qos on mesh interfaces . * wireguard: ratelimiter: use hrtimer in selftest * x86: Annotate call_on_stack . * x86: Annotate call_on_stack . * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments . * x86/bug: Merge annotate_reachable into _BUG_FLAGS asm . * x86/bug: Merge annotate_reachable into _BUG_FLAGS asm . * x86/fpu: Cache xfeature flags from CPUID . * x86/fpu: Remove unused supervisor only offsets . * x86/fpu: Remove unused supervisor only offsets . * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states . * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states . * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation . * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation . * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU . * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU . * x86/mce: Allow instrumentation during task work queueing . * x86/mce: Allow instrumentation during task work queueing . * x86/mce: Mark mce_end noinstr . * x86/mce: Mark mce_end noinstr . * x86/mce: Mark mce_panic noinstr . * x86/mce: Mark mce_panic noinstr . * x86/mce: Mark mce_read_aux noinstr . * x86/mce: Mark mce_read_aux noinstr . * x86/mce/inject: Avoid out-of-bounds write when setting flags . * x86/mce/inject: Avoid out-of-bounds write when setting flags . * x86/mm: Flush global TLB when switching to trampoline page-table . * x86/mm: Flush global TLB when switching to trampoline page-table . * x86/msr: Remove .fixup usage . * x86/sgx: Free backing memory after faulting the enclave page . * x86/sgx: Free backing memory after faulting the enclave page . * x86/sgx: Silence softlockup detection when releasing large enclaves . * x86/sgx: Silence softlockup detection when releasing large enclaves . * x86/uaccess: Move variable into switch case statement . * x86/uaccess: Move variable into switch case statement . * xfs: convert ptag flags to unsigned . * xfs: do not assert fail on perag references on teardown . * xfs: do not leak btree cursor when insrec fails after a split . * xfs: pass the correct cursor to xfs_iomap_prealloc_size . * xfs: remove xfs_setattr_time declaration . * xfs: zero inode fork buffer at allocation . * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu . * xhci: Free the command allocated for setting LPM if we return early . * xirc2ps_cs: Fix use after free bug in xirc2ps_detach . * xprtrdma: Fix regbuf data not freed in rpcrdma_req_create . ## Special Instructions and Notes: * Please reboot the system after installing this update.