diff --git a/patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch b/patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch index e5ae38d..33f544e 100644 --- a/patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch +++ b/patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch @@ -4,7 +4,7 @@ Date: Tue, 3 Oct 2023 08:53:32 -0700 Subject: [PATCH] HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit Git-commit: 8f02139ad9a7e6e5c05712f8c1501eebed8eacfd Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52519 bsc#1220920 The EHL (Elkhart Lake) based platforms provide a OOB (Out of band) service, which allows to wakup device when the system is in S5 (Soft-Off diff --git a/patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch b/patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch index 23e432f..5ea5159 100644 --- a/patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch +++ b/patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch @@ -4,7 +4,7 @@ Date: Sun, 3 Sep 2023 18:04:00 +0200 Subject: [PATCH] HID: sony: Fix a potential memory leak in sony_probe() Git-commit: e1cd4004cde7c9b694bbdd8def0e02288ee58c74 Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52529 bsc#1220929 If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called. diff --git a/patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch b/patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch index 7362d12..963f55f 100644 --- a/patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch +++ b/patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch 
@@ -5,7 +5,7 @@ Subject: [PATCH 1/1] IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests Git-commit: 00cbce5cbf88459cd1aa1d60d0f1df15477df127 Patch-mainline: v6.4-rc1 -References: git-fixes +References: git-fixes CVE-2023-52474 bsc#1220445 hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs diff --git a/patches.suse/RDMA-siw-Fix-connection-failure-handling.patch b/patches.suse/RDMA-siw-Fix-connection-failure-handling.patch index b754fd6..65a1f90 100644 --- a/patches.suse/RDMA-siw-Fix-connection-failure-handling.patch +++ b/patches.suse/RDMA-siw-Fix-connection-failure-handling.patch @@ -4,7 +4,7 @@ Date: Tue, 5 Sep 2023 16:58:22 +0200 Subject: [PATCH 1/1] RDMA/siw: Fix connection failure handling Git-commit: 53a3f777049771496f791504e7dc8ef017cba590 Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52513 bsc#1221022 In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is diff --git a/patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch b/patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch index 404fa62..c65d3d1 100644 --- a/patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch +++ b/patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch @@ -4,7 +4,7 @@ Date: Wed, 23 Aug 2023 13:57:27 -0700 Subject: [PATCH 1/1] RDMA/srp: Do not call scsi_done() from srp_abort() Git-commit: e193b7955dfad68035b983a0011f4ef3590c85eb Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52515 bsc#1221048 After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback, it performs one of the following actions: diff --git a/patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch b/patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch index 423dc39..c678a51 100644 
--- a/patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch +++ b/patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch @@ -4,7 +4,7 @@ Date: Thu, 14 Sep 2023 07:15:07 +0200 Subject: [PATCH] Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" Git-commit: 29346e217b8ab8a52889b88f00b268278d6b7668 Patch-mainline: v6.6-rc4 -References: git-fixes +References: git-fixes CVE-2023-52564 bsc#1220938 This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. diff --git a/patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch b/patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch index 93aa92c..ef66393 100644 --- a/patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch +++ b/patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch @@ -3,7 +3,7 @@ Date: Mon, 4 Dec 2023 22:04:19 +0800 Subject: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers Patch-mainline: v6.8-rc1 Git-commit: 169410eba271afc9f0fb476d996795aa26770c6d -References: bsc#1220251 CVE-2023-52447 +References: bsc#1220251 CVE-2023-52447 CVE-2023-52621 bsc#1222073 X-Info: additional change in include/linux/bpf.h pulled from 8c7dcb84e3b7 "bpf: implement sleepable uprobes by chaining gps" These three bpf_map_{lookup,update,delete}_elem() helpers are also diff --git a/patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch b/patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch index d30c366..79fdf65 100644 --- a/patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch +++ b/patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch 
@@ -4,7 +4,7 @@ Date: Sat, 7 Oct 2023 11:30:49 +0800 Subject: [PATCH] ieee802154: ca8210: Fix a potential UAF in ca8210_probe Git-commit: f990874b1c98fe8e57ee9385669f501822979258 Patch-mainline: v6.6-rc6 -References: git-fixes +References: git-fixes CVE-2023-52510 bsc#1220898 If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an diff --git a/patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch b/patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch index 0810522..5ce319f 100644 --- a/patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch +++ b/patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch @@ -4,7 +4,7 @@ Date: Fri, 8 Sep 2023 19:58:53 -0400 Subject: [PATCH] net: nfc: llcp: Add lock when modifying device list Git-commit: dfc7f7a988dad34c3bf4c053124fb26aa6c5f916 Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52524 bsc#1220927 The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered. diff --git a/patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch b/patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch index 4277b00..a800dd5 100644 --- a/patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch +++ b/patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch @@ -4,7 +4,7 @@ Date: Sun, 24 Sep 2023 02:35:49 +0900 Subject: [PATCH] net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg Git-commit: e9c65989920f7c28775ec4e0c11b483910fb67b8 Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52528 bsc#1220843 syzbot reported the following uninit-value access issue: diff --git a/patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch b/patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch index b81da54..1966a99 100644 
--- a/patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch +++ b/patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch @@ -4,7 +4,7 @@ Date: Mon, 9 Oct 2023 16:00:54 -0400 Subject: [PATCH] nfc: nci: assert requested protocol is valid Git-commit: 354a6e707e29cb0c007176ee5b8db8be7bd2dee0 Patch-mainline: v6.6-rc6 -References: git-fixes +References: git-fixes CVE-2023-52507 bsc#1220833 The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum diff --git a/patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch b/patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch index c969fb6..7d564fb 100644 --- a/patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch +++ b/patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch @@ -4,7 +4,7 @@ Date: Thu, 21 Sep 2023 23:17:31 +0900 Subject: [PATCH] nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() Git-commit: 7ee29facd8a9c5a26079148e36bcf07141b3a6bc Patch-mainline: v6.6-rc4 -References: git-fixes +References: git-fixes CVE-2023-52566 bsc#1220940 In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If diff --git a/patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch b/patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch index 4e282c4..8c8aa54 100644 --- a/patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch +++ b/patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch 
@@ -3,7 +3,7 @@ Date: Thu, 17 Aug 2023 12:43:01 -0700 Subject: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() Patch-mainline: v6.6-rc2 Git-commit: 8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c -References: bsc#1214842 +References: bsc#1214842 CVE-2023-52508 bsc#1221015 The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to diff --git a/patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch b/patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch index 84b06eb..5bb2d7c 100644 --- a/patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch +++ b/patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch @@ -4,7 +4,7 @@ Subject: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length Patch-mainline: v6.8-rc1 Git-commit: efa56305908ba20de2104f1b8508c6a7401833be -References: bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356 +References: bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356 CVE-2023-52454 bsc#1220320 If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). diff --git a/patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch b/patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch index 9ed58bd..bb0180c 100644 --- a/patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch +++ b/patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch @@ -7,7 +7,7 @@ Content-type: text/plain; charset=UTF-8 Content-transfer-encoding: 8bit Git-commit: 528ab3e605cabf2f9c9bd5944d3bfe15f6e94f81 Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52520 bsc#1220921 If a duplicate attribute is found using kset_find_obj(), a reference to that attribute is returned which needs to be disposed accordingly 
diff --git a/patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch b/patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch index 37e845b..60d6ffb 100644 --- a/patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch +++ b/patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch @@ -3,7 +3,7 @@ Date: Thu, 5 Oct 2023 10:12:01 +0900 Subject: ravb: Fix use-after-free issue in ravb_tx_timeout_work() Patch-mainline: v6.6-rc6 Git-commit: 3971442870713de527684398416970cf025b4f89 -References: bsc#1212514 CVE-2023-35827 +References: bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836 The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after diff --git a/patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch b/patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch index bc60756..421e248 100644 --- a/patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch +++ b/patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch @@ -3,7 +3,7 @@ Date: Thu, 7 Sep 2023 12:28:20 -0400 Subject: ring-buffer: Do not attempt to read past "commit" Git-commit: 95a404bd60af6c4d9d8db01ad14fe8957ece31ca Patch-mainline: v6.6-rc2 -References: git-fixes +References: git-fixes CVE-2023-52501 bsc#1220885 When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and diff --git a/patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch b/patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch index c00b39a..d55b5de 100644 --- a/patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch +++ b/patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch 
@@ -4,7 +4,7 @@ Date: Fri, 1 Sep 2023 01:25:55 +0300 Subject: [PATCH] serial: 8250_port: Check IRQ data before use Git-commit: cce7fc8b29961b64fadb1ce398dc5ff32a79643b Patch-mainline: v6.6-rc4 -References: git-fixes +References: git-fixes CVE-2023-52567 bsc#1220839 In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows that an interrupt happened in the 8250 hardware diff --git a/patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch b/patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch index d6ac3eb..464fb81 100644 --- a/patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch +++ b/patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch @@ -4,7 +4,7 @@ Date: Sun, 27 Aug 2023 17:25:58 +0200 Subject: [PATCH] spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain Git-commit: 1f11f4202caf5710204d334fe63392052783876d Patch-mainline: v6.6-rc1 -References: git-fixes +References: git-fixes CVE-2023-52517 bsc#1221055 Previously the transfer complete IRQ immediately drained to RX FIFO to read any data remaining in FIFO to the RX buffer. This behaviour is diff --git a/patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch b/patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch index 86ab506..8705111 100644 --- a/patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch +++ b/patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch @@ -4,7 +4,7 @@ Date: Sun, 27 Aug 2023 17:25:57 +0200 Subject: [PATCH] spi: sun6i: reduce DMA RX transfer width to single byte Git-commit: 171f8a49f212e87a8b04087568e1b3d132e36a18 Patch-mainline: v6.6-rc1 -References: git-fixes +References: git-fixes CVE-2023-52511 bsc#1221012 Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is down to single 
diff --git a/patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch b/patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch index f40ff19..7b32be5 100644 --- a/patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch +++ b/patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch @@ -4,7 +4,7 @@ Date: Fri, 8 Sep 2023 18:41:12 +0800 Subject: [PATCH] wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Git-commit: aef7a0300047e7b4707ea0411dc9597cba108fc8 Patch-mainline: v6.6-rc5 -References: git-fixes +References: git-fixes CVE-2023-52525 bsc#1220840 Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without diff --git a/patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch b/patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch index 381b025..b336e0d 100644 --- a/patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch +++ b/patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch @@ -3,7 +3,7 @@ Date: Thu, 12 Oct 2023 13:04:24 +0300 Subject: x86/alternatives: Disable KASAN in apply_alternatives() Git-commit: d35652a5fc9944784f6f50a5c979518ff8dacf61 Patch-mainline: v6.6-rc6 -References: git-fixes +References: git-fixes CVE-2023-52504 bsc#1221553 Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine: diff --git a/patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch b/patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch index 79e1d63..e2b76d8 100644 --- a/patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch +++ b/patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch 
@@ -3,7 +3,7 @@ Date: Mon, 4 Sep 2023 22:04:48 -0700 Subject: x86/srso: Fix SBPB enablement for spec_rstack_overflow=off Git-commit: 01b057b2f4cc2d905a0bd92195657dbd9a7005ab Patch-mainline: v6.6-rc3 -References: git-fixes +References: git-fixes CVE-2023-52575 bsc#1220871 If the user has requested no SRSO mitigation, other mitigations can use the lighter-weight SBPB instead of IBPB.
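Review bot: In patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch the new tag "CVE-2023-52564 bsc#1220938" lands on a revert ("This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239") of a change whose own subject says it fixes a UAF. A revert only applies where the reverted commit is present, so please confirm that this branch carries 9b9c8195f3f0 and say so in the commit message. Otherwise anyone auditing CVE coverage has to work out for themselves why a CVE reference sits on the removal of a UAF fix.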
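Review bot: The References lines that already carried bug numbers now mix two orderings, which makes the CVE-to-bsc pairing hard to read. In patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch the existing entries are grouped bsc-first ("bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356") and the new pair is appended CVE-first ("CVE-2023-52454 bsc#1220320"). The bpf, nvme-fc and ravb hunks follow the same append pattern ("bsc#1220251 CVE-2023-52447 CVE-2023-52621 bsc#1222073", "bsc#1214842 CVE-2023-52508 bsc#1221015", "bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836"). If append-at-end is the intended convention, a line in the commit message saying that each new CVE is followed by its bsc number would remove the ambiguity. Otherwise, reorder these four lines so that each line uses a single grouping.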