AArch64 | ppc64le | s390x | x86-64
- Fix bsc#1229929, bsc#1230140 (patch already submitted upstream):
  * [openSUSE] target/ppc: Fix lxvx/stxvx facility check (bsc#1229929)
- Fix bsc#1230140 (and bsc#1229814 & bsc#1230008):
  * target/ppc: Fix lxv/stxv MSR facility check (bsc#1230140, bsc#1229814, bsc#1230008)
- Fix a build issue of ipxe with newer binutils:
  * [openSUSE] roms/ipxe: Backport patches to fix the build with binutils 2.41
- Misc:
  * [openSUSE] Update hash of the sgabios submodule
- Fix bsc#1229007, CVE-2024-7409:
  * nbd/server: CVE-2024-7409: Close stray clients at server-stop (bsc#1229007)
  * nbd/server: CVE-2024-7409: Drop non-negotiating clients (bsc#1229007)
  * nbd/server: CVE-2024-7409: Cap default max-connections to 100 (bsc#1229007)
  * nbd/server: Plumb in new args to nbd_client_add() (bsc#1229007, CVE-2024-7409)
  * nbd: Minor style and typo fixes (bsc#1229007, CVE-2024-7409)
- Backports and bugfixes:
  * hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() (bsc#1222841, CVE-2024-3567)
  * hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/display/virtio-gpu: Protect from DMA re-entrancy bugs (bsc#1222843, CVE-2024-3446)
  * hw/virtio: Introduce virtio_bh_new_guarded() helper (bsc#1222843, CVE-2024-3446)
  * hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set (bsc#1222845, CVE-2024-3447)
  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
- Bugs and CVEs fixes:
  * hw/nvme: Use pcie_sriov_num_vfs() (bsc#1220065, CVE-2024-26328)
  * pcie: Introduce pcie_sriov_num_vfs (bsc#1220065, CVE-2024-26328)
  * virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693)
  * hw/pvrdma: Protect against buggy or malicious guest driver (bsc#1209554, CVE-2023-1544)
  * pcie_sriov: Validate NumVFs (bsc#1220062, CVE-2024-26327)
  * esp: restrict non-DMA transfer length to that of available data (bsc#1220134, CVE-2024-24474)
  * s390x/ap: Wire up the device request notifier interface (bsc#1205316)
  * linux-headers: update to v6.5-rc1 (bsc#1205316)
  * Update linux headers to v6.3rc5 (bsc#1205316)
  * linux-headers: Update to v6.2-rc8 (bsc#1205316)
  * linux-headers: Update to v6.1 (bsc#1205316)
- Backport of SapphireRapids CPU Models (jsc#PED-8113):
  * target/i386: add support for VMX_SECONDARY_EXEC_ENABLE_USER_WAIT_PAUSE
  * target/i386: Export MSR_ARCH_CAPABILITIES bits to guests
  * docs: re-generate x86_64 ABI compatibility CSV
  * target/i386: Add new CPU model GraniteRapids
  * target/i386: Add few security fix bits in ARCH_CAPABILITIES into SapphireRapids CPU model
  * target/i386: Add new bit definitions of MSR_IA32_ARCH_CAPABILITIES
  * target/i386: Allow MCDT_NO if host supports
  * target/i386: Add support for MCDT_NO in CPUID enumeration
  * target/i386: Adjust feature level according to FEAT_7_1_EDX
  * target/i386: Add support for PREFETCHIT0/1 in CPUID enumeration
  * target/i386: Add support for AVX-NE-CONVERT in CPUID enumeration
  * target/i386: Add support for AVX-VNNI-INT8 in CPUID enumeration
  * target/i386: Add support for AVX-IFMA in CPUID enumeration
  * target/i386: Add support for AMX-FP16 in CPUID enumeration
  * target/i386: Add support for CMPCCXADD in CPUID enumeration
  * target/i386: add support for FB_CLEAR feature
  * target/i386: add support for FLUSH_L1D feature
  * i386: Add new CPU model SapphireRapids
  * target/i386: KVM: allow fast string operations if host supports them
  * target/i386: add FZRM, FSRS, FSRC
  * target/i386: add FSRM to TCG
- Backport of EPYC-Genoa CPU Model (jsc#PED-7366):
  * target/i386: Add EPYC-Genoa model to support Zen 4 processor series
  * target/i386: Add VNMI and automatic IBRS feature bits
  * target/i386: Add missing feature bits in EPYC-Milan model
  * target/i386: Add feature bits for CPUID_Fn80000021_EAX
  * target/i386: Add a couple of feature bits in 8000_0008_EBX
  * target/i386: Add new EPYC CPU versions with updated cache_info
  * target/i386: allow versioned CPUs to specify new cache_info