OVAL

SUSE-SU-2022:0760-1 -- SLES kernel

ID: oval:org.secpod.oval:def:89047529
Date: (C)2022-11-04   (M)2024-05-22
Class: PATCH
Family: unix




The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer, named 'Branch Target Injection' and 'Intra-Mode Branch History Injection', are now mitigated.

The following security bugs were fixed:

- CVE-2022-0001: Fixed Branch History Injection vulnerability.
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability.
- CVE-2022-0847: Fixed a vulnerability where a local attacker could overwrite data in arbitrary files.
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
- CVE-2022-0492: Fixed a privilege escalation related to the cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly.
- CVE-2022-0516: Fixed a missing check in an ioctl related to KVM on s390 that allowed kernel memory read/write.

The following non-security bugs were fixed:

- ACPI/IORT: Check node revision for PMCG resources
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
- ALSA: hda/realtek: Add quirk for ASUS GU603
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
- ALSA: hda: Fix regression on forced probe mask option
- ASoC: Revert 'ASoC: mediatek: Check for error clk pointer'
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx
- Align s390 NVME target options with other architectures
- Drop PCI xgene patch that caused a regression for mxl4
- EDAC/xgene: Fix deferred probing
- HID:Add support for UGTABLET WP5540
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
- IB/hfi1: Fix AIP early init panic
- KVM: remember position in kvm->vcpus array
- NFSD: Fix the behavior of READ near OFFSET_MAX
- PM: hibernate: Remove register_nosave_region_late
- PM: s2idle: ACPI: Fix wakeup interrupts handling
- RDMA/cma: Use correct address when leaving multicast group
- RDMA/core: Always release restrack object
- RDMA/cxgb4: check for ipv6 address properly while destroying listener
- RDMA/siw: Release xarray entry
- RDMA/ucma: Protect mc during concurrent multicast leaves
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
- USB: serial: cp210x: add CPI Bulk Coin Recycler id
- USB: serial: cp210x: add NCR Retail IO box id
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
- USB: serial: mos7840: remove duplicated 0xac24 device ID
- USB: serial: option: add ZTE MF286D modem
- ata: libata-core: Disable TRIM on M88V29
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
- blk-mq: always allow reserved allocation in hctx_may_queue
- blk-mq: avoid to iterate over stale request
- blk-mq: clear stale request in tags->rq before freeing one request pool
- blk-mq: clearing flush request reference in tags->rqs
- blk-mq: do not grab rq's refcount in blk_mq_check_expired
- blk-mq: fix is_flush_rq
- blk-mq: fix kernel panic during iterating over flush request
- blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter
- blk-mq: mark flush request as IDLE in flush_end_io
- blk-tag: Hide spin_lock
- block: avoid double io accounting for flush request
- block: do not send a rezise udev event for hidden block device
- block: mark flush request as IDLE when it is really finished
- bonding: pair enable_port with slave_arr_updates
- bpf: Adjust BTF log size limit
- bpf: Disallow BPF_LOG_KERNEL log level for bpf
- btrfs: check for missing device in btrfs_trim_fs
- btrfs: check worker before need_preemptive_reclaim
- btrfs: do not do preemptive flushing if the majority is global rsv
- btrfs: do not include the global rsv size in the preemptive used amount
- btrfs: handle preemptive delalloc flushing slightly differently
- btrfs: make sure SB_I_VERSION does not get unset by remount
- btrfs: only clamp the first time we have to start flushing
- btrfs: only ignore delalloc if delalloc is much smaller than ordered
- btrfs: reduce the preemptive flushing threshold to 90%
- btrfs: take into account global rsv in need_preemptive_reclaim
- btrfs: use the global rsv size in the preemptive thresh calculation
- ceph: properly put ceph_string reference after async create attempt
- ceph: set pool_ns in new inode layout for async creates
- drm/amdgpu: fix logic inversion in check
- drm/i915/gvt: Make DRM_I915_GVT depend on X86
- drm/i915/gvt: clean up kernel-doc in gtt.c
- drm/i915/opregion: check port number bounds for SWSCI display power state
- drm/i915: Correctly populate use_sagv_wm for all pipes
- drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV
- drm/panel: simple: Assign data from panel_dpi_probe correctly
- drm/radeon: Fix backlight control on iMac 12,1
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
- drm/rockchip: vop: Correct RK3399 VOP register fields
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
- ext4: check for inconsistent extents between index and leaf block
- ext4: check for out-of-order index extents in ext4_valid_extent_entries
- ext4: prevent partial update of the extent blocks
- gve: Add RX context
- gve: Add a jumbo-frame device option
- gve: Add consumed counts to ethtool stats
- gve: Add optional metadata descriptor type GVE_TXD_MTD
- gve: Correct order of processing device options
- gve: Fix GFP flags when allocing pages
- gve: Fix off by one in gve_tx_timeout
- gve: Implement packet continuation for RX
- gve: Implement suspend/resume/shutdown
- gve: Move the irq db indexes out of the ntfy block struct
- gve: Recording rx queue before sending to napi
- gve: Recover from queue stall due to missed IRQ
- gve: Update gve_free_queue_page_list signature
- gve: Use kvcalloc instead of kvzalloc
- gve: fix for null pointer dereference
- gve: fix the wrong AdminQ buffer queue index check
- gve: fix unmatched u64_stats_update_end
- gve: remove memory barrier around seqno
- i2c: brcmstb: fix support for DSL and CM variants
- i40e: Fix for failed to init adminq while VF reset
- i40e: Fix issue when maximum queues is exceeded
- i40e: Fix queues reservation for XDP
- i40e: Increase delay to 1 s after global EMP reset
- i40e: fix unsigned stat widths
- ibmvnic: Allow queueing resets during probe
- ibmvnic: clear fop when retrying probe
- ibmvnic: complete init_done on transport events
- ibmvnic: define flush_reset_queue helper
- ibmvnic: do not release napi in __ibmvnic_open
- ibmvnic: free reset-work-item when flushing
- ibmvnic: init init_done_rc earlier
- ibmvnic: initialize rc before completing wait
- ibmvnic: register netdev after init of adapter
- ibmvnic: schedule failover only if vioctl fails
- ice: fix IPIP and SIT TSO offload
- ice: fix an error code in ice_cfg_phy_fec
- ima: Allow template selection with ima_template[_fmt]= after ima_hash=
- ima: Do not print policy rule with inactive LSM labels
- ima: Remove ima_policy file before directory
- integrity: Make function integrity_add_key static
- integrity: check the return value of audit_log_start
- integrity: double check iint_cache was initialized
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable
- iommu/amd: Remove useless irq affinity notifier
- iommu/amd: Restore GA log/tail pointer on host resume
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
- iommu/amd: X2apic mode: re-enable after resume
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
- iommu/iova: Fix race between FQ timeout and teardown
- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping
- iwlwifi: fix use-after-free
- iwlwifi: pcie: fix locking when 'HW not ready'
- iwlwifi: pcie: gen2: fix locking when 'HW not ready'
- ixgbevf: Require large buffers for build_skb on 82599VF
- kABI fixup after adding vcpu_idx to struct kvm_cpu
- kABI: Fix kABI for AMD IOMMU driver
- kabi: Hide changes to s390/AP structures
- lib/iov_iter: initialize 'flags' in new pipe_buffer
- libsubcmd: Fix use-after-free for realloc
- md/raid5: fix oops during stripe resizing
- misc: fastrpc: avoid double fput on failed usercopy
- mmc: sdhci-of-esdhc: Check for error num after setting mask
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
- mtd: rawnand: gpmi: do not leak PM reference in error path
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe
- net/ibmvnic: Cleanup workaround doing an EOI after partition migration
- net/mlx5e: Fix handling of wrong devices during bond netevent
- net: macb: Align the dma and coherent dma masks
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
- net: phy: marvell: configure RGMII delays for 88E1118
- net: usb: qmi_wwan: Add support for Dell DW5829e
- nfp: flower: fix ida_idx not being released
- nfsd: allow delegation state ids to be revoked and then freed
- nfsd: allow lock state ids to be revoked and then freed
- nfsd: allow open state ids to be revoked and then freed
- nfsd: do not admin-revoke NSv4.0 state ids
- nfsd: prepare for supporting admin-revocation of state
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts
- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info
- nvme: do not return an error from nvme_configure_metadata
- nvme: let namespace probing continue for unsupported features
- powerpc/64: Move paca allocation later in boot
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory'
- powerpc/pseries: read the lpar name from the firmware
- powerpc: Set crashkernel offset to mid of RMA region
- powerpc: add link stack flush mitigation status in debugfs
- s390/AP: support new dynamic AP bus size limit
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
- s390/bpf: Fix optimizing out zero-extensions
- s390/cio: make ccw_device_dma_* more robust
- s390/cio: verify the driver availability for path_event call
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit
- s390/pci: add s390_iommu_aperture kernel parameter
- s390/pci: move pseudo-MMIO to prevent MIO overlap
- s390/protvirt: fix error return code in uv_info_init
- s390/sclp: fix Secure-IPL facility detection
- s390/uv: add prot virt guest/host indication files
- s390/uv: fix prot virt host indication compilation
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h
- scsi: core: Add limitless cmd retry support
- scsi: core: No retries on abort success
- scsi: kABI fix for "eh_should_retry_cmd"
- scsi: lpfc: Add support for eh_should_retry_cmd
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
- scsi: qla2xxx: Add devids and conditionals for 28xx
- scsi: qla2xxx: Add marginal path handling support
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues
- scsi: qla2xxx: Add qla2x00_async_done for async routines
- scsi: qla2xxx: Add retry for exec firmware
- scsi: qla2xxx: Check for firmware dump already collected
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters
- scsi: qla2xxx: Fix device reconnect in loop topology
- scsi: qla2xxx: Fix premature hw access after PCI error
- scsi: qla2xxx: Fix scheduling while atomic
- scsi: qla2xxx: Fix stuck session in gpdb
- scsi: qla2xxx: Fix unmap of already freed sgl
- scsi: qla2xxx: Fix warning for missing error code
- scsi: qla2xxx: Fix warning message due to adisc being flushed
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
- scsi: qla2xxx: Implement ref count for SRB
- scsi: qla2xxx: Refactor asynchronous command initialization
- scsi: qla2xxx: Remove a declaration
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t
- scsi: qla2xxx: Return -ENOMEM if kzalloc fails
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair
- scsi: qla2xxx: Update version to 10.02.07.200-k
- scsi: qla2xxx: Update version to 10.02.07.300-k
- scsi: qla2xxx: edif: Fix clang warning
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
- scsi: qla2xxx: edif: Reduce connection thrash
- scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe
- scsi: qla2xxx: edif: Tweak trace message
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs
- scsi: target: iscsi: Fix cmd abort fabric stop race
- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
- staging/fbtft: Fix backlight
- staging: fbtft: Fix error path in fbtft_driver_module_init
- tracing: Do not inc err_log entry count if entry allocation fails
- tracing: Dump stacktrace trigger to the corresponding instance
- tracing: Fix smatch warning for null glob in event_hist_trigger_parse
- tracing: Have traceon and traceoff trigger honor the instance
- tracing: Propagate is_signed to expression
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction
- usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend
- usb: dwc3: do not set gadget->is_otg flag
- usb: dwc3: gadget: Prevent core from processing stale TRBs
- usb: f_fs: Fix use-after-free for epfile
- usb: gadget: f_uac2: Define specific wTerminalType
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
- usb: gadget: s3c: remove unused "udc" variable
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe
- usb: ulpi: Call of_node_put correctly
- usb: ulpi: Move of_node_put to ulpi_dev_release

Special Instructions and Notes: Please reboot the system after installing this update.

Platform:
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Desktop 15 SP3
Product:
kernel
Reference:
SUSE-SU-2022:0760-1
CVE-2022-0001
CVE-2022-0002
CVE-2022-0492
CVE-2022-0516
CVE-2022-0847
CVE-2022-25375
CPE    3
cpe:/o:linux:linux_kernel
cpe:/o:suse:suse_linux_enterprise_server:15:sp3
cpe:/o:suse:suse_linux_enterprise_desktop:15:sp3

© SecPod Technologies