The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation could have been used by local attackers to create raw sockets, bypassing security mechanisms . - CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory corruption or a denial of service when changing screen size . - CVE-2020-0432: Fixed an out of bounds write due to an integer overflow . - CVE-2020-0427: Fixed an out of bounds read due to a use after free . - CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check . - CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause . - CVE-2020-25212: Fixed getxattr kernel panic and memory overflow . - CVE-2020-25284: Fixed an incomplete permission checking for access to rbd devices, which could have been leveraged by local attackers to map or unmap rbd block devices . - CVE-2020-14381: Fixed requeue paths such that filp was valid when dropping the references . - CVE-2019-25643: Fixed an improper input validation in ppp_cp_parse_cr function which could have led to memory corruption and read overflow . - CVE-2020-25641: Fixed ann issue where length bvec was causing softlockups . The following non-security bugs were fixed: - 9p: Fix memory leak in v9fs_mount . - ACPI: EC: Reference count query handlers under lock . - airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE . - airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE . - airo: Fix read overflows sending packets . - ALSA: asihpi: fix iounmap in error handler . - ALSA: firewire-digi00x: exclude Avid Adrenaline from detection . - ALSA; firewire-tascam: exclude Tascam FE-8 from detection . - ALSA: hda: Fix 2 channel swapping for Tegra . - ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled . - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A . - ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen . - altera-stapl: altera_get_note: prevent write beyond end of "key" . - ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter . - arm64: KVM: Do not generate UNDEF when LORegion feature is present . - arm64: KVM: regmap: Fix unexpected switch fall-through . - asm-generic: fix -Wtype-limits compiler warnings . - ASoC: kirkwood: fix IRQ error handling . - ASoC: tegra: Fix reference count leaks . - ath10k: fix array out-of-bounds access . - ath10k: fix memory leak for tpc_stats_final . - ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read . - batman-adv: Add missing include for in_interrupt . - batman-adv: Avoid uninitialized chaddr when handling DHCP . - batman-adv: bla: fix type misuse for backbone_gw hash indexing . - batman-adv: bla: use netif_rx_ni when not in interrupt context . - batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh . - batman-adv: mcast/TT: fix wrongly dropped or rerouted packets . - bcache: Convert pr_ less than level greater than uses to a more typical style . - bcache: fix overflow in offset_to_stripe . - bcm63xx_enet: correct clock usage . - bcm63xx_enet: do not write to random DMA channel on BCM6345 . - bitfield.h: do not compile-time validate _val in FIELD_FIT . - blktrace: fix debugfs use after free . - block: add docs for gendisk / request_queue refcount helpers . - block: revert back to synchronous request_queue removal . - block: Use non _rcu version of list functions for tag_set_list . - Bluetooth: Fix refcount use-after-free issue . - Bluetooth: guard against controllers sending zero"d events . - Bluetooth: Handle Inquiry Cancel error after Inquiry Complete . - Bluetooth: L2CAP: handle l2cap config request during open state . - Bluetooth: prefetch channel before killing sock . - bnxt_en: Fix completion ring sizing with TPA enabled . - bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM . - btrfs: require only sector size alignment for parent eb bytenr . - btrfs: tree-checker: fix the error message for transid error . - ceph: do not allow setlease on cephfs . - ceph: fix potential mdsc use-after-free crash . - ceph: fix use-after-free for fsc- greater than mdsc . - ceph: handle zero-length feature mask in session messages . - cfg80211: regulatory: reject invalid hints . - cifs: Fix leak when handling lease break for cached root fid . - cifs/smb3: Fix data inconsistent when punch hole . - cifs/smb3: Fix data inconsistent when zero file range . - clk: Add clk_get_optional functions . - clk: rockchip: Fix initialization of mux_pll_src_4plls_p . - clk: samsung: exynos4: mark "chipid" clock as CLK_IGNORE_UNUSED . - clk/ti/adpll: allocate room for terminating null . - clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init . - cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode . - dmaengine: at_hdmac: check return value of of_find_device_by_node in at_dma_xlate . - dmaengine: of-dma: Fix of_dma_router_xlate"s of_dma_xlate handling . - dmaengine: pl330: Fix burst length if burst size is smaller than bus width . - dmaengine: tegra-apb: Prevent race conditions on channel"s freeing . - dmaengine: zynqmp_dma: fix burst length configuration . - dm crypt: avoid truncating the logical block size . - dm: fix redundant IO accounting for bios that need splitting . - dm integrity: fix a deadlock due to offloading to an incorrect workqueue . - dm integrity: fix integrity recalculation that is improperly skipped . - dm: report suspended device during destroy . - dm rq: do not call blk_mq_queue_stopped in dm_stop_queue . - dm: use noio when sending kobject event . - dm writecache: add cond_resched to loop in persistent_memory_claim . - dm writecache: correct uncommitted_block when discarding uncommitted entry . - dm zoned: assign max_io_len correctly . - drivers: char: tlclk.c: Avoid data race between init and interrupt handler . - Drivers: hv: Specify receive buffer size using Hyper-V page size . - Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload . - drivers/net/wan/x25_asy: Fix to make it work . - drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic . - drm/amd/display: fix ref count leak in amdgpu_drm_ioctl . - drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails . - drm/amdgpu: Fix buffer overflow in INFO ioctl . - drm/amdgpu: Fix bug in reporting voltage for CIK . - drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms . - drm/amdgpu: increase atombios cmd timeout . - drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table . - drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table . - drm/amdkfd: fix a memory leak issue . - drm/amdkfd: Fix reference count leaks . - drm/amd/pm: correct Vega10 swctf limit setting . - drm/amd/pm: correct Vega12 swctf limit setting . - drm/ast: Initialize DRAM type before posting GPU * context changes - drm/mediatek: Add exception handing in mtk_drm_probe if component init fail . - drm/mediatek: Add missing put_device call in mtk_hdmi_dt_parse_pdata . - drm/msm/a5xx: Always set an OPP supported hardware value . - drm/msm: add shutdown support for display platform_driver . - drm/msm: Disable preemption on all 5xx targets . - drm/msm: fix leaks if initialization fails . - drm/msm/gpu: make ringbuffer readonly * context changes - drm/nouveau/debugfs: fix runtime pm imbalance on error . - drm/nouveau/dispnv50: fix runtime pm imbalance on error . - drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open . - drm/nouveau: Fix reference count leak in nouveau_connector_detect . - drm/nouveau: fix reference count leak in nv50_disp_atomic_commit . - drm/nouveau: fix runtime pm imbalance on error . - drm/omap: fix possible object reference leak . - drm/radeon: fix multiple reference count leak . - drm/radeon: Prefer lower feedback dividers . - drm/radeon: revert "Prefer lower feedback dividers" . - drm/sun4i: Fix dsi dcs long write function . - drm/sun4i: sun8i-csc: Secondary CSC register correction . - drm/tve200: Stabilize enable/disable . - drm/vc4/vc4_hdmi: fill ASoC card owner . - e1000: Do not perform reset in reset_task if we are already down . - EDAC: Fix reference count leaks . - fbcon: prevent user font height or width change from causing - Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race . - ftrace: Move RCU is watching check after recursion check . - ftrace: Setup correct FTRACE_FL_REGS flags for module . - gma/gma500: fix a memory disclosure bug due to uninitialized bytes . - gpio: tc35894: fix up tc35894 interrupt configuration . - gtp: add missing gtp_encap_disable_sock in gtp_encap_enable . - gtp: fix Illegal context switch in RCU read-side critical section . - gtp: fix use-after-free in gtp_newlink . - Hide e21a4f3a930c as of its duplication - HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage . - hsr: use netdev_err instead of WARN_ONCE . - hv_utils: drain the timesync packets on onchannelcallback . - hv_utils: return error if host timesysnc update is stale . - hwmon: check status earlier . - i2c: core: Do not fail PRP0001 enumeration when no ID table exist . - i2c: cpm: Fix i2c_ram structure . - ibmvnic: add missing parenthesis in do_reset . - ieee802154/adf7242: check status of adf7242_read_reg . - ieee802154: fix one possible memleak in ca8210_dev_com_init . - iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak . - iio: accel: kxsd9: Fix alignment of local buffer . - iio:accel:mma7455: Fix timestamp alignment and prevent data leak . - iio:adc:ina2xx Fix timestamp alignment issue . - iio: adc: mcp3422: fix locking on error path . - iio: adc: mcp3422: fix locking scope . - iio:adc:ti-adc081c Fix alignment and data leak issues . - iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set . - iio: improve IIO_CONCENTRATION channel type description . - iio:light:ltr501 Fix timestamp alignment issue . - iio:light:max44000 Fix timestamp alignment and prevent data leak . - iio:magnetometer:ak8975 Fix alignment and data leak issues . - include: add additional sizes . - iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE . - iommu/amd: Fix potential @entry null deref . - iommu/amd: Print extended features in one line to fix divergent log levels . - iommu/amd: Re-factor guest virtual APIC activation code . - iommu/amd: Restore IRTE.RemapEn bit after programming IRTE . - iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode . - iommu/amd: Use cmpxchg_double when updating 128-bit IRTE . - iommu/exynos: add missing put_device call in exynos_iommu_of_xlate . - iommu/omap: Check for failure of a call to omap_iommu_dump_ctx . - iommu/vt-d: Serialize IOMMU GCMD register modifications . - kernel-syms.spec.in: Also use bz compression . - KVM: arm64: Change 32-bit handling of VM system registers . - KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and non-VHE . - KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put for VHE . - KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put . - KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on VHE . - KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions . - KVM: arm64: Do not deactivate VM on VHE systems . - KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems . - KVM: arm64: Factor out fault info population and gic workarounds . - KVM: arm64: Fix order of vcpu_write_sys_reg arguments . - KVM: arm64: Forbid kprobing of the VHE world-switch code . - KVM: arm64: Improve debug register save/restore flow . - KVM: arm64: Introduce framework for accessing deferred sysregs . - KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions . - KVM: arm64: Introduce VHE-specific kvm_vcpu_run . - KVM: arm64: Move common VHE/non-VHE trap config in separate functions . - KVM: arm64: Move debug dirty flag calculation out of world switch . - KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag . - KVM: arm64: Move userspace system registers into separate function . - KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers . - KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1 . - KVM: arm64: Remove kern_hyp_va use in VHE switch function . - KVM: arm64: Remove noop calls to timer save/restore from VHE switch . - KVM: arm64: Rework hyp_panic for VHE and non-VHE . - KVM: arm64: Rewrite sysreg alternatives to static keys . - KVM: arm64: Rewrite system register accessors to read/write functions . - KVM: arm64: Slightly improve debug save/restore functions . - KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions . - KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE . - KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN . - KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs . - KVM: arm/arm64: Get rid of vcpu- greater than arch.irq_lines . - KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on VHE . - KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init . - KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load . - KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1 . - KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe . - KVM: introduce kvm_arch_vcpu_async_ioctl . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs . - KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate . - KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n . - KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code . - KVM: SVM: Add a dedicated INVD intercept routine . - KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM . - KVM: SVM: fix svn_pin_memory"s use of get_user_pages_fast . - KVM: Take vcpu- greater than mutex outside vcpu_load . - libceph: allow setting abort_on_full for rbd . - libnvdimm: cover up nvdimm_security_ops changes . - libnvdimm: cover up struct nvdimm changes . - libnvdimm/security, acpi/nfit: unify zero-key for all security commands . - libnvdimm/security: fix a typo . - libnvdimm/security: Introduce a "frozen" attribute . - lib/raid6: use vdupq_n_u8 to avoid endianness warnings . - mac802154: tx: fix use-after-free . - md: raid0/linear: fix dereference before null check on pointer mddev . - media: davinci: vpif_capture: fix potential double free . - media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq . - media: smiapp: Fix error handling at NVM reading . - media: ti-vpe: cal: Restrict DMA to avoid memory corruption . - mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs . - mfd: mfd-core: Protect against NULL call-back function pointer . - mm: Avoid calling build_all_zonelists_init under hotplug context . - mmc: cqhci: Add cqhci_deactivate . - mmc: sdhci-msm: Add retries when all tuning phases are found valid . - mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers . - mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models . - mm/page_alloc.c: fix a crash in free_pages_prepare . - mm/vmalloc.c: move "area- greater than pages" after if statement . - mtd: cfi_cmdset_0002: do not free cfi- greater than cfiq in error path of cfi_amdstd_setup . - mtd: lpddr: Fix a double free in probe . - mtd: phram: fix a double free issue in error path . - mtd: properly check all write ioctls for permissions . - net: dsa: b53: Fix sparse warnings in b53_mmap.c . - net: dsa: b53: Use strlcpy for ethtool::get_strings . - net: dsa: mv88e6xxx: fix 6085 frame mode masking . - net: dsa: mv88e6xxx: Fix interrupt masking on removal . - net: dsa: mv88e6xxx: Fix name of switch 88E6141 . - net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge . - net: dsa: mv88e6xxx: Unregister MDIO bus on error path . - net: dsa: qca8k: Allow overwriting CPU port setting . - net: dsa: qca8k: Enable RXMAC when bringing up a port . - net: dsa: qca8k: Force CPU port to its highest bandwidth . - net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init . - net: fs_enet: do not call phy_stop in interrupts . - net: initialize fastreuse on inet_inherit_port . - net: lan78xx: Bail out if lan78xx_get_endpoints fails . - net: lan78xx: replace bogus endpoint lookup . - net: lio_core: fix potential sign-extension overflow on large shift . - net/mlx5: Add meaningful return codes to status_to_err function . - net/mlx5: E-Switch, Use correct flags when configuring vlan . - net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded . - net: mvneta: fix mtu change on port without link . - net-next: ax88796: Do not free IRQ in ax_remove . - net/nfc/rawsock.c: add CAP_NET_RAW check . - net: qca_spi: Avoid packet drop during initial sync . - net: qca_spi: Make sure the QCA7000 reset is triggered . - net: refactor bind_bucket fastreuse into helper . - net/smc: fix dmb buffer shortage . - net/smc: fix restoring of fallback changes . - net/smc: fix sock refcounting in case of termination . - net/smc: improve close of terminated socket . - net/smc: Prevent kernel-infoleak in __smc_diag_dump . - net/smc: remove freed buffer from list . - net/smc: reset sndbuf_desc if freed . - net/smc: set rx_off for SMCR explicitly . - net/smc: switch smcd_dev_list spinlock to mutex . - net/smc: tolerate future SMCD versions . - net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing . - net: stmmac: Disable ACS Feature for GMAC greater than = 4 . - net: stmmac: do not stop NAPI processing when dropping a packet . - net: stmmac: dwmac4: fix flow control issue . - net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA reset function . - net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array . - net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration . - net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b . - net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs . - net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode . - net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock . - net: stmmac: Fix error handling path in "alloc_dma_rx_desc_resources" . - net: stmmac: Fix error handling path in "alloc_dma_tx_desc_resources" . - net: stmmac: rename dwmac4_tx_queue_routing to match reality . - net: stmmac: set MSS for each tx DMA channel . - net: stmmac: Use correct values in TQS/RQS fields . - net-sysfs: add a newline when printing "tx_timeout" by sysfs . - net: systemport: Fix software statistics for SYSTEMPORT Lite . - net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb . - net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE . - net: ucc_geth - fix Oops when changing number of buffers in the ring . - NFSv4: do not mark all open state for recovery when handling recallable state revoked flag . - nvme-fc: set max_segments to lldd max value . - nvme-pci: override the value of the controller"s numa node . - ocfs2: give applications more IO opportunities during fstrim . - omapfb: fix multiple reference count leaks due to pm_runtime_get_sync . - PCI/ASPM: Allow re-enabling Clock PM . - PCI: Fix pci_create_slot reference count leak . - PCI: qcom: Add missing ipq806x clocks in PCIe driver . - PCI: qcom: Add missing reset for ipq806x . - PCI: qcom: Add support for tx term offset for rev 2.1.0 . - PCI: qcom: Define some PARF params needed for ipq8064 SoC . - PCI: rcar: Fix incorrect programming of OB windows . - phy: samsung: s5pv210-usb2: Add delay after reset . - pinctrl: mvebu: Fix i2c sda definition for 98DX3236 . - powerpc/64s: Blacklist functions invoked on a trap . - powerpc/64s: Fix HV NMI vs HV interrupt recoverability test . - powerpc/64s: Fix unrelocated interrupt trampoline address test . - powerpc/64s: Include less than asm/nmi.h greater than header file to fix a warning . - powerpc/64s: machine check do not trace real-mode handler . - powerpc/64s: sreset panic if there is no debugger or crash dump handlers . - powerpc/64s: system reset interrupt preserve HSRRs . - powerpc: Add cputime_to_nsecs . - powerpc/book3s64/radix: Add kernel command line option to disable radix GTSE . - powerpc/book3s64/radix: Fix boot failure with large amount of guest memory . - powerpc: Implement ftrace_enabled helpers . - powerpc/init: Do not advertise radix during client-architecture-support . - powerpc/kernel: Cleanup machine check function declarations . - powerpc/kernel: Enables memory hot-remove after reboot on pseries guests . - powerpc/mm: Enable radix GTSE only if supported . - powerpc/mm: Limit resize_hpt_for_hotplug call to hash guests only . - powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64 . - powerpc/powernv: Remove real mode access limit for early allocations . - powerpc/prom: Enable Radix GTSE in cpu pa-features . - powerpc/pseries/le: Work around a firmware quirk . - powerpc/pseries: lift RTAS limit for radix . - powerpc/pseries: Limit machine check stack to 4GB . - powerpc/pseries: Machine check use rtas_call_unlocked with args on stack . - powerpc/pseries: radix is not subject to RMA limit, remove it . - powerpc/pseries/ras: Avoid calling rtas_token in NMI paths . - powerpc/pseries/ras: Fix FWNMI_VALID off by one . - powerpc/pseries/ras: fwnmi avoid modifying r3 in error case . - powerpc/pseries/ras: fwnmi sreset should not interlock . - powerpc/traps: Do not trace system reset . - powerpc/traps: fix recoverability of machine check handling on book3s/32 . - powerpc/traps: Make unrecoverable NMIs die instead of panic . - powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S . - power: supply: max17040: Correct voltage reading . - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt . - regulator: push allocation in set_consumer_device_supply out of lock . - rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules . - rpm/constraints.in: recognize also kernel-source-azure - rpm/kernel-binary.spec.in: Also sign ppc64 kernels . - rpm/kernel-cert-subpackage: add CA check on key enrollment To avoid the unnecessary key enrollment, when enrolling the signing key of the kernel package, "--ca-check" is added to mokutil so that mokutil will ignore the request if the CA of the signing key already exists in MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only defined in a kernel module package , it"s used to determine whether the %post script is running in a kernel package, or a kernel module package. - rpm/kernel-source.spec.in: Also use bz compression . - rpm/macros.kernel-source: pass -c proerly in kernel module package The "-c" option wasn"t passed down to %_kernel_module_package so the ueficert subpackage wasn"t generated even if the certificate is specified in the spec file. - rtc: ds1374: fix possible race condition . - rtlwifi: rtl8192cu: Prevent leaking urb . - rxrpc: Fix race between recvmsg and sendmsg on immediate call failure . - rxrpc: Fix sendmsg returning EPIPE due to recvmsg returning ENODATA . - s390/mm: fix huge pte soft dirty copying . - s390/qeth: do not process empty bridge port events . - s390/qeth: integrate RX refill worker with NAPI . - s390/qeth: tolerate pre-filled RX buffer . - scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del . - scsi: fnic: Do not call "scsi_done" for unhandled commands . - scsi: ibmvfc: Avoid link down on FS9100 canister reboot . - scsi: ibmvfc: Use compiler attribute defines instead of __attribute__ . - scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling getpeername . - scsi: libfc: Fix for double free . - scsi: libfc: free response frame from GPN_ID . - scsi: libfc: Free skb in fc_disc_gpn_id_resp for valid cases . - scsi: lpfc: Add dependency on CPU_FREQ . - scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask . - scsi: qla2xxx: Fix regression on sparc64 . - scsi: qla2xxx: Fix the return value . - scsi: qla2xxx: Fix the size used in a "dma_free_coherent" call . - scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba . - scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg . - scsi: qla2xxx: Handle incorrect entry_type entries . - scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle . - scsi: qla2xxx: Remove pci-dma-compat wrapper API . - scsi: qla2xxx: Remove redundant variable initialization . - scsi: qla2xxx: Remove superfluous memset . - scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle . - scsi: qla2xxx: Suppress two recently introduced compiler warnings . - scsi: qla2xxx: Warn if done or free are called on an already freed srb . - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186 . - sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210 . - serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout . - serial: 8250_omap: Fix sleeping function called from invalid context during probe . - serial: 8250_port: Do not service RX FIFO if throttled . - Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y . - SMB3: Honor persistent/resilient handle flags for multiuser mounts . - SMB3: Honor "seal" flag for multiuser mounts . - SMB3: warn on confusing error scenario with sec=krb5 . - stmmac: Do not access tx_q- greater than dirty_tx before netif_tx_lock . - tcp: apply a floor of 1 for RTT samples from TCP timestamps . - thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430 . - tools/power/cpupower: Fix initializer override in hsw_ext_cstates . - USB: core: fix slab-out-of-bounds Read in read_descriptors . - USB: dwc3: Increase timeout for CmdAct cleared by device controller . - USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe . - USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int . - USB: Fix out of sync data toggle if a configured device is reconfigured . - USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb . - USB: gadget: f_ncm: Fix NDP16 datagram validation . - USB: gadget: u_f: add overflow checks to VLA macros . - USB: gadget: u_f: Unbreak offset calculation in VLAs . - USB: hso: check for return value in hso_serial_common_create . - usblp: fix race between disconnect and read . - USB: lvtest: return proper error code in probe . - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set . - USB: qmi_wwan: add D-Link DWM-222 A2 device ID . - USB: quirks: Add no-lpm quirk for another Raydium touchscreen . - USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook . - USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D . - USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter . - USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules . - USB: serial: option: support dynamic Quectel USB compositions . - USB: sisusbvga: Fix a potential UB casued by left shifting a negative value . - USB: storage: Add unusual_uas entry for Sony PSZ drives . - USB: typec: ucsi: acpi: Check the _DEP dependencies . - USB: uas: Add quirk for PNY Pro Elite . - USB: UAS: fix disconnect by unplugging a hub . - USB: yurex: Fix bad gfp argument . - vgacon: remove software scrollback support . - video: fbdev: fix OOB read in vga_8planes_imageblit . - virtio-blk: free vblk-vqs in error path of virtblk_probe . - vrf: prevent adding upper devices . - vxge: fix return of a free"d memblock on a failed dma mapping . - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task . - xen: do not reschedule in preemption off sections . - xen/events: do not use chip_data for legacy IRQs . - xen uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information . - xhci: Do warm-reset when both CAS and XDEV_RESUME are set . - yam: fix possible memory leak in yam_init_driver . Special Instructions and Notes: Please reboot the system after installing this update.