diff --git a/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch b/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch index 99a77c1..cfa6f81 100644 --- a/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch +++ b/patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch @@ -4,7 +4,7 @@ Date: Fri, 26 Jan 2024 18:09:01 +0100 Subject: [PATCH] HID: i2c-hid-of: fix NULL-deref on failed power up Git-commit: 00aab7dcb2267f2aef59447602f34501efe1a07f Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26717 bsc#1222360 A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which diff --git a/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch b/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch index 5e14cc2..5a58a36 100644 --- a/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch +++ b/patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch @@ -3,7 +3,7 @@ Date: Tue, 16 Jan 2024 11:02:20 +0000 Subject: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD Git-commit: 832dd634bd1b4e3bbe9f10b9c9ba5db6f6f2b97f Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2024-26670 bsc#1222356 Currently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't quite right, as it is supposed to be applied after the last explicit diff --git a/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch b/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch index a495e92..2d48215 100644 --- a/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch +++ b/patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch @@ -4,7 +4,7 @@ Date: Thu, 25 Jan 2024 17:12:53 -0600 Subject: [PATCH] crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Git-commit: ccb88e9549e7cfd8bcd511c538f437e20026e983 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26695 bsc#1222373 The SEV platform device can be shutdown with a null psp_master, e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN: diff --git a/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch b/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch index 92d99a7..391a36d 100644 --- a/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch +++ b/patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch @@ -3,7 +3,7 @@ Date: Wed, 7 Feb 2024 12:59:02 +0100 Subject: dpll: fix possible deadlock during netlink dump operation Patch-mainline: v6.8-rc5 Git-commit: 53c0441dd2c44ee93fddb5473885fd41e4bc2361 -References: jsc#PED-6079 +References: jsc#PED-6079 CVE-2024-26725 bsc#1222369 Recently, I've been hitting following deadlock warning during dpll pin dump: diff --git a/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch b/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch index 40a8a07..4d4a080 100644 --- a/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch +++ b/patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch @@ -4,7 +4,7 @@ Date: Wed, 31 Jan 2024 08:49:41 +0530 Subject: [PATCH] drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' Git-commit: 66951d98d9bf45ba25acf37fe0747253fafdf298 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26661 bsc#1222323 Alt-commit: fb5a3d037082b52a5c52be647c3936ca7651d7d5 In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" diff --git a/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch b/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch index b7c8844..ab38515 100644 --- a/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch +++ b/patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch @@ -4,7 +4,7 @@ Date: Sat, 27 Jan 2024 18:34:01 +0530 Subject: [PATCH] drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' Git-commit: e96fddb32931d007db12b1fce9b5e8e4c080401b Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26662 bsc#1222324 Alt-commit: 886571d217d7cc4e0f96f68b21238e3e25694e74 'panel_cntl' structure used to control the display panel could be null, diff --git a/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch b/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch index 8e96d1d..e261f80 100644 --- a/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch +++ b/patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch @@ -4,7 +4,7 @@ Date: Wed, 7 Feb 2024 10:20:57 +0530 Subject: [PATCH] drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Git-commit: 58fca355ad37dcb5f785d9095db5f748b79c5dc2 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26660 bsc#1222266 Alt-commit: 15dba12c5659772f9a5e5194f18160ed5dda470e [ Upstream commit 58fca355ad37dcb5f785d9095db5f748b79c5dc2 ] diff --git a/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch b/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch index 6c2c129..79baacb 100644 --- a/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch +++ b/patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch @@ -4,7 +4,7 @@ Date: Fri, 16 Feb 2024 09:23:19 -0300 Subject: drm/amd/display: fix null-pointer dereference on edid reading Git-commit: 9671761792156f2339627918bafcd713a8a6f777 Patch-mainline: v6.8-rc6 -References: git-fixes +References: git-fixes CVE-2024-26728 bsc#1222370 Alt-commit: 21db6199f201fab18d225cce7d94b5fcbc459bf6 Use i2c adapter when there isn't aux_mode in dc_link to fix a diff --git a/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch b/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch index d2b7974..ebd96e7 100644 --- a/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch +++ b/patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch @@ -7,7 +7,7 @@ Content-type: text/plain; charset=UTF-8 Content-transfer-encoding: 8bit Git-commit: 4f32504a2f85a7b40fe149436881381f48e9c0c0 Patch-mainline: v6.8-rc1 -References: git-fixes +References: git-fixes CVE-2024-26672 bsc#1222358 [ Upstream commit 4f32504a2f85a7b40fe149436881381f48e9c0c0 ] diff --git a/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch b/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch index 7a5d825..5728691 100644 --- a/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch +++ b/patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch @@ -6,7 +6,7 @@ Subject: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg Git-commit: 962ac2dce56bb3aad1f82a4bbe3ada57a020287c Alt-commit: 6074be620c31dc2ae11af96a1a5ea95580976fb5 Patch-mainline: v6.8-rc5 -References: git-fixes +References: git-fixes CVE-2024-26721 bsc#1222365 Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register diff --git a/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch b/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch index 0b5ad6c..b85de1c 100644 --- a/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch +++ b/patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch @@ -4,7 +4,7 @@ Date: Wed, 17 Jan 2024 11:41:09 -0800 Subject: [PATCH] drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Git-commit: 7f3d03c48b1eb6bc45ab20ca98b8b11be25f9f52 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26667 bsc#1222331 The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another diff --git a/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch b/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch index 3bf06d6..b1d6eac 100644 --- a/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch +++ b/patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch @@ -4,7 +4,7 @@ Date: Fri, 2 Feb 2024 17:21:34 +0800 Subject: [PATCH] hwmon: (coretemp) Fix out-of-bounds memory access Git-commit: 4e440abc894585a34c2904a32cd54af1742311b3 Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26664 bsc#1222355 Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per diff --git a/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch b/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch index 0ce18b0..6e71583 100644 --- a/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch +++ b/patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch @@ -4,7 +4,7 @@ Date: Tue, 6 Feb 2024 13:30:54 +0100 Subject: [PATCH 03/16] lan966x: Fix crash when adding interface under a lag Git-commit: 15faa1f67ab405d47789d4702f587ec7df7ef03e Patch-mainline: v6.8-rc5 -References: git-fixes +References: git-fixes CVE-2024-26723 bsc#1222367 There is a crash when adding one of the lan966x interfaces under a lag interface. The issue can be reproduced like this: diff --git a/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch b/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch index 8fb74f6..5991943 100644 --- a/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch +++ b/patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch @@ -3,7 +3,7 @@ Date: Thu, 18 Jan 2024 10:19:53 -0800 Subject: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Git-commit: 9319b647902cbd5cc884ac08a8a6d54ce111fc78 Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26720 bsc#1222364 (struct dirty_throttle_control *)->thresh is an unsigned long, but is passed as the u32 divisor argument to div_u64(). On architectures where diff --git a/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch b/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch index c1eb4eb..9ce25d6 100644 --- a/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch +++ b/patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch @@ -3,7 +3,7 @@ Date: Tue, 30 Jan 2024 23:35:51 -0800 Patch-mainline: v6.8-rc3 Subject: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Git-commit: e0526ec5360a48ad3ab2e26e802b0532302a7e11 -References: git-fixes +References: git-fixes CVE-2024-26698 bsc#1222374 In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel"), napi_disable was getting called for all channels, diff --git a/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch b/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch index b298de4..8983e48 100644 --- a/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch +++ b/patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch @@ -4,7 +4,7 @@ Date: Tue, 5 Mar 2024 07:59:27 +0000 Subject: [PATCH] sr9800: Add check for usbnet_get_endpoints Git-commit: 07161b2416f740a2cb87faa5566873f401440a61 Patch-mainline: v6.9-rc1 -References: git-fixes +References: git-fixes CVE-2024-26651 bsc#1221337 Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. diff --git a/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch b/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch index f8cfe27..c63ec89 100644 --- a/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch +++ b/patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch @@ -4,7 +4,7 @@ Date: Wed, 10 Jan 2024 15:28:14 +0530 Subject: [PATCH] usb: core: Prevent null pointer dereference in update_port_device_state Git-commit: 12783c0b9e2c7915a50d5ec829630ff2da50472c Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26716 bsc#1222359 Currently, the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. diff --git a/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch b/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch index 2434d9a..226281d 100644 --- a/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch +++ b/patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch @@ -4,7 +4,7 @@ Date: Mon, 29 Jan 2024 15:53:48 +0100 Subject: [PATCH] wifi: mac80211: fix RCU use in TDLS fast-xmit Git-commit: 9480adfe4e0f0319b9da04b44e4eebd5ad07e0cd Patch-mainline: v6.8-rc4 -References: git-fixes +References: git-fixes CVE-2024-26666 bsc#1222293 This looks up the link under RCU protection, but isn't guaranteed to actually have protection. Fix that. diff --git a/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch b/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch index 512bd7a..4e5bbed 100644 --- a/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch +++ b/patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch @@ -4,7 +4,7 @@ Date: Thu, 25 Jan 2024 17:27:37 +0200 Subject: [PATCH] xhci: handle isoc Babble and Buffer Overrun events properly Git-commit: 7c4650ded49e5b88929ecbbb631efb8b0838e811 Patch-mainline: v6.8-rc3 -References: git-fixes +References: git-fixes CVE-2024-26659 bsc#1222317 xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the