The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. NOTE: This update was retracted due to data corruptions on NFS filesystems. The following security bugs were fixed: * CVE-2019-25160: Fixed out-of-bounds memory accesses in netlabel . * CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure . * CVE-2021-23134: Fixed a use-after-free issue in nfc sockets . * CVE-2021-46904: Fixed NULL pointer dereference during tty device unregistration . * CVE-2021-46905: Fixed NULL pointer dereference on disconnect regression . * CVE-2021-46909: Fixed PCI interrupt mapping in ARM footbridge . * CVE-2021-46938: Fixed double free of blk_mq_tag_set in dev remove after table load fails . * CVE-2021-46939: Fixed possible hung in trace_clock_global . * CVE-2021-46941: Fixed core softreset when switch mode in usb dwc3 . * CVE-2021-46950: Fixed possible data corruption in md/raid1 when ending a failed write request . * CVE-2021-46958: Fixed race between transaction aborts and fsyncs that could lead to use-after-free in btrfs . * CVE-2021-46960: Fixed wrong error code from smb2_get_enc_key . * CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand . * CVE-2021-46964: Fixed unreserved extra IRQ vectors in qla2xxx . * CVE-2021-46966: Fixed potential use-after-free issue in cm_write . * CVE-2021-46981: Fixed NULL pointer in flush_workqueue . * CVE-2021-46988: Fixed possible crash in userfaultfd due to unreleased page . * CVE-2021-46990: Fixed crashes when toggling entry flush barrier in powerpc/64s . * CVE-2021-46998: Fixed a use after free bug in enic_hard_start_xmit . * CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint . * CVE-2021-47015: Fixed RX consumer index logic in the error path in bnxt_en . * CVE-2021-47024: Fixed possible memory leak in vsock/virtio when closing socket . * CVE-2021-47034: Fixed resolved pte update for kernel memory on radix in powerpc/64s . * CVE-2021-47045: Fixed null pointer dereference in lpfc_prep_els_iocb . * CVE-2021-47049: Fixed Use after free in __vmbus_open . * CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd . * CVE-2021-47056: Fixed uninitialized lock in adf_vf2pf_shutdown . * CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed . * CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync"ing SRCU . * CVE-2021-47063: Fixed possible use-after-free in panel_bridge_detach . * CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect . * CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic . * CVE-2021-47071: Fixed memory leak in error handling paths in uio_hv_generic . * CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi . * CVE-2021-47100: Fixed UAF when uninstall in ipmi . * CVE-2021-47101: Fixed uninit-value in asix_mdio_read . * CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts . * CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm . * CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm . * CVE-2021-47114: Fixed data corruption by fallocate in ocfs2 . * CVE-2021-47117: Fixed bug on in ext4_es_cache_extent as ext4_split_extent_at failed . * CVE-2021-47118: Fixed possible use-after-free when initializing `cad_pid` . * CVE-2021-47119: Fixed memory leak in ext4_fill_super . * CVE-2021-47138: Fixed possible out-of-bound memory access in cxgb4 when clearing filters . * CVE-2021-47141: Fixed possible NULL pointer dereference when freeing irqs . * CVE-2021-47142: Fixed a use-after-free in drm/amdgpu . * CVE-2021-47143: Fixed possible corruption in net/smc after failed device_add . * CVE-2021-47150: Fixed the potential memory leak in fec_enet_init . * CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 . * CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson . * CVE-2021-47166: Fixed possible corruptionb in nfs_do_recoalesce . * CVE-2021-47167: Fixed an Oopsable condition in __nfs_pageio_add_request . * CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout . * CVE-2021-47169: Fixed possible NULL pointer dereference in serial/rp2 . * CVE-2021-47171: Fixed memory leak in smsc75xx_bind . * CVE-2021-47173: Fixed memory leak in uss720_probe . * CVE-2021-47177: Fixed sysfs leak in alloc_iommu . * CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return . * CVE-2021-47180: Fixed memory leak in nci_allocate_device . * CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource . * CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc . * CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer . * CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs . * CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions * CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c . * CVE-2022-48619: Fixed a denial-of-service issue in drivers/input/input.c . * CVE-2022-48626: Fixed a potential use-after-free on remove path moxart . * CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system . * CVE-2023-28746: Fixed Register File Data Sampling . * CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work . * CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length . * CVE-2023-52469: Fixed use-after-free in kv_parse_power_table . * CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init . * CVE-2023-52474: Fixed bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests in hfi1 . * CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall . * CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors . * CVE-2023-52486: Fixed possible use-after-free in drm . * CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work . * CVE-2023-52515: Fixed possible use-after-free in RDMA/srp . * CVE-2023-52524: Fixed possible corruption in nfc/llcp . * CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg . * CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off . * CVE-2023-52583: Fixed deadlock or deadcode of misusing dget inside ceph . * CVE-2023-52587: Fixed mcast list locking in IB/ipoib . * CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming . * CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming . * CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace . * CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf . * CVE-2023-52628: Fixed 4-byte stack OOB write in nftables . * CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie . * CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts . * CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec . * CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request . * CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete . * CVE-2023-7042: Fixed a NULL pointer dereference vulnerability in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev . * CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c . * CVE-2024-2201: Fixed information leak in x86/BHI . * CVE-2024-22099: Fixed NULL Pointer Dereference vulnerability in /net/bluetooth/rfcomm/core.c . * CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules . * CVE-2024-24855: Fixed a null pointer dereference due to race condition in scsi device driver in lpfc_unregister_fcf_rescan function . * CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000 xc4000_get_frequency function . * CVE-2024-26614: Fixed the initialization of accept_queue"s spinlocks . * CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables . * CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 . * CVE-2024-26733: Fixed an overflow in arp_req_get in arp . * CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr * CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt * CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp in gtp . * CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt . * CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma * CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink in gtp . * CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink . * CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places . * CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache . * CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi . * CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb-greater thanmac_header . * CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y . * CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 . * CVE-2024-26689: Fixed a use-after-free in encode_cap_msg . * CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found . * CVE-2021-47182: Fixed scsi_mode_sense buffer length handling . * CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface . * CVE-2024-26993: Fixed a reference leak in sysfs_break_active_protection * CVE-2023-52650: Added missing check for of_find_device_by_node * CVE-2024-26948: Added a dc_state NULL check in dc_state_release * CVE-2024-27013: Limited printing rate when illegal packet received by tun dev . * CVE-2024-27014: Prevented deadlock while disabling aRFS . * CVE-2024-27046: Handled acti_netdevs allocation failure . * CVE-2021-47162: Fixed a possible memory leak in tipc_buf_append . * CVE-2024-27072: Removed useless locks in usbtv_video_free . * CVE-2024-27075: Avoided stack overflow warnings with clang . * CVE-2024-27073: Fixed a memory leak in budget_av_attach . * CVE-2024-27074: Fixed a memory leak in go7007_load_encoder . * CVE-2024-27078: Fixed a memory leak in tpg_alloc . * CVE-2023-52652: Fixed a possible name leak in ntb_register_device . * CVE-2024-23848: Fixed a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c . * CVE-2024-26859: Prevent access to a freed page in page_pool in bnx2x . * CVE-2024-26817: Used calloc instead of kzalloc to avoid integer overflow * CVE-2021-47149: Fixed a potential null pointer deref in fmvj18x_get_hwinfo . * CVE-2023-52620: Disallowed timeout for anonymous sets in nf_tables . * CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify . * CVE-2024-26878: Fixed potential NULL pointer dereference, related to dquots . * CVE-2024-26901: Used kzalloc to fix information leak in do_sys_name_to_handle . * CVE-2024-26671: Fixed an IO hang from sbitmap wakeup race in blk_mq_mark_tag_wait . * CVE-2024-26772: Avoided allocating blocks from corrupted group in ext4_mb_find_by_goal . * CVE-2023-52614: Fixed a buffer overflow in trans_stat_show . * CVE-2024-26855: Fixed a potential NULL pointer dereference in ice_bridge_setlink . * CVE-2024-26857: Made sure to pull inner header in geneve_rx . * CVE-2024-26675: Limited MRU to 64K in ppp_async_ioctl . * CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 . * CVE-2023-52488: Converted from _raw_ to _noinc_ regmap functions for FIFO in sc16is7xx . * CVE-2024-26922: Validated the parameters of bo mapping operations more clearly . * CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync . * CVE-2023-52635: Synchronized devfreq_monitor_[start/stop] for devfreq . * CVE-2024-26883: Checked for integer overflow when using roundup_pow_of_two . * CVE-2024-26884: Fixed a bpf hashtab overflow check on 32-bit architectures . * CVE-2024-26839: Fixed a memleak in init_credit_return * CVE-2023-52644: Stop/wake correct queue in DMA Tx path when QoS is disabled in b43 . * CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng . * CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb- audio . * CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus . * CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 . * CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis * CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage * CVE-2024-26747: Fixed a NULL pointer issue with USB parent module"s reference . The following non-security bugs were fixed: * Input: adxl34x - do not hardcode interrupt trigger type . * Input: drv260x - sleep between polling GO bit . * Input: ipaq-micro-keys - add error handling for devm_kmemdup. * Input: xpad - add PXN V900 support. * USB: core: Fix deadlock in usb_deauthorize_interface. * USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command . * atl1c: fix error return code in atl1c_probe . * atl1e: fix error return code in atl1e_probe . * bluetooth: btqca: Fixed a coding style error . * bluetooth: btqca: Introduce HCI_EV_VENDOR and use it . * bluetooth: btqcomsmd: Fix command timeout after setting BD address . * bluetooth: hci_intel: Add check for platform_driver_register . * bnx2x: Fix enabling network interfaces without VFs . * bnx2x: Fix missing error code in bnx2x_iov_init_one . * bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t . * drivers: usb: host: Fix deadlock in oxu_bus_suspend . * ethernet: myri10ge: Fix missing error code in myri10ge_probe . * ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram . * fuse: do not unhash root . * iommu/amd: Increase interrupt remapping table limit to 512 entries . * iommu/amd: Mark interrupt as managed . * iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs . * iommu/amd: Silence warnings under memory pressure . * iommu: Check if group is NULL before remove device . * kabi fix for pNFS: Fix the pnfs block driver"s calculation of layoutget size . * kabi: pci: Add locking to RMW PCI Express Capability Register accessors . * lan78xx: Add missing return code checks . * lan78xx: Add support to dump lan78xx registers . * lan78xx: Do not access skb_queue_head list pointers directly . * lan78xx: Fix exception on link speed change . * lan78xx: Fix partial packet errors on suspend/resume . * lan78xx: Fix race conditions in suspend/resume handling . * lan78xx: Fix white space and style issues . * lan78xx: Modify error messages . * lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected . * net/mlx5: Properly convey driver version to firmware . * net/qla3xxx: fix schedule while atomic in ql_sem_spinlock . * net: Fix features skip in for_each_netdev_feature . * net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function . * net: atheros: switch from "pci_" to "dma_" API . * net: lan78xx: Allow for VLAN headers in timeout calcs . * net: lan78xx: Make declaration style consistent . * net: lan78xx: Merge memcpy + lexx_to_cpus to get_unaligned_lexx . * net: lan78xx: fix runtime PM count underflow on link stop . * net: lan78xx: remove set but not used variable "event" . * net: macb: ensure the device is available before accessing GEMGXL control registers . * net: stmmac: free tx skb buffer in stmmac_resume . * net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr . * net: usb: lan78xx: Remove lots of set but unused "ret" variables . * net:usb: Use ARRAY_SIZE instead of calculating the array size . * nfs: Fix O_DIRECT commit verifier handling . * nfs: Fix O_DIRECT locking issues . * nfs: Fix a request reference leak in nfs_direct_write_clear_reqs . * nfs: Fix an off by one in root_nfs_cat . * nfs: Fix direct WRITE throughput regression . * nfs: Fix error handling for O_DIRECT write scheduling . * nfs: More O_DIRECT accounting fixes for error paths . * nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly . * nfs: avoid spurious warning of lost lock that is being unlocked . * nfs: commit errors should be fatal . * nfs: only issue commit in DIO codepath if we have uncommitted data . * nfsd: Fix error cleanup path in nfsd_rename . * nfsd: Reset cb_seq_status after NFS4ERR_DELAY . * nfsd: Retransmit callbacks after client reconnects . * nfsd: lock_rename needs both directories to live on the same fs . * nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT . * pci/aer: Clear MULTI_ERR_COR/UNCOR_RCV bits . * pci/aspm: Avoid link retraining race . * pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free . * pci/aspm: Do not warn if already in common clock mode . * pci/aspm: Factor out pcie_wait_for_retrain . * pci/aspm: Reduce severity of common clock config message . * pci/aspm: Return 0 or -ETIMEDOUT from pcie_retrain_link . * pci/aspm: Use RMW accessors for changing LNKCTL . * pci/dpc: Print all TLP Prefixes, not just the first . * pci/iov: Enlarge virtfn sysfs name buffer . * pci/msi: Prevent MSI hardware interrupt number truncation . * pci/pm: Power up all devices during runtime resume . * pci/sysfs: Protect driver"s D3cold preference from user space . * pci: Add ACS quirk for Broadcom BCM5750x NICs . * pci: Add function 1 DMA alias quirk for Marvell 88SE9235 . * pci: Add locking to RMW PCI Express Capability Register accessors . * pci: Avoid FLR for AMD FCH AHCI adapters . * pci: Avoid pci_dev_lock AB/BA deadlock with sriov_numvfs_store . * pci: Make link retraining use RMW accessors for changing LNKCTL . * pci: Mark 3ware-9650SE Root Port Extended Tags as broken . * pci: Rework pcie_retrain_link wait loop . * pci: aardvark: Fix setting MSI address . * pci: aardvark: Fix support for MSI interrupts . * pci: dwc: Add unroll iATU space support to dw_pcie_disable_atu . * pci: endpoint: Do not stop controller when unbinding endpoint function . * pci: hotplug: Allow marking devices as disconnected during bind/unbind . * pci: pciehp: Add pciehp_set_indicators to set both indicators . * pci: pciehp: Cancel bringup sequence if card is not present . * pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock . * pci: pciehp: Use RMW accessors for changing LNKCTL . * pci: qcom: Disable write access to read only registers for IP v2.3.3 . * pci: qcom: Fix unbalanced PHY init on probe errors . * pci: qcom: Use DWC helpers for modifying the read-only DBI registers . * pci: switchtec: Return -EFAULT for copy_to_user errors . * pnfs/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats . * pnfs: Fix the pnfs block driver"s calculation of layoutget size . * rdma/ipoib: Fix error code return in ipoib_mcast_join * s390/mm: Fix clearing storage keys for huge pages . * s390/mm: Fix storage key clearing for guest huge pages . * s390/vtime: fix average steal time calculation . * scsi: qla2xxx: Change debug message during driver unload . * scsi: qla2xxx: Delay I/O Abort on PCI error . * scsi: qla2xxx: Fix N2N stuck connection . * scsi: qla2xxx: Fix command flush on cable pull . * scsi: qla2xxx: Fix double free of fcport . * scsi: qla2xxx: Fix double free of the ha-greater thanvp_map pointer . * scsi: qla2xxx: NVME|FCP prefer flag not being honored . * scsi: qla2xxx: Prevent command send on chip reset . * scsi: qla2xxx: Split FCE|EFT trace control . * scsi: qla2xxx: Update manufacturer detail . * scsi: qla2xxx: Update version to 10.02.09.200-k . * sr9800: Add check for usbnet_get_endpoints . * sunrpc: Fix RPC client cleaned up the freed pipefs dentries . * sunrpc: fix a memleak in gss_import_v2_context . * sunrpc: fix some memleaks in gssx_dec_option_array . * tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc . * tun: honor IOCB_NOWAIT flag . * usb: dwc2: Fix memory leak in dwc2_hcd_init. * usb: dwc2: check return value after calling platform_get_resource . * usb: dwc3: gadget: Ignore EP queue requests during bus reset . * usb: gadget: Fix issue with config_ep_by_speed function . * usb: mon: Fix atomicity violation in mon_bin_vma_fault . * usb: musb: Modify the "HWVers" register address . * usb: roles: do not get/set_role when usb_role_switch is unregistered. * usb: serial: option: add Fibocom L7xx modules . * usb: serial: option: do not claim interface 4 for ZTE MF290 . * usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility . * usb: typec: class: fix typec_altmode_put_partner to put plugs . * usb: usbfs: Do not WARN about excessively large memory allocations. * x86/CPU/AMD: Update the Zenbleed microcode revisions . * x86/bugs: Fix the SRSO mitigation on Zen3/4 . ## Special Instructions and Notes: * Please reboot the system after installing this update.