- gpg2
-
- Fix Y2K38 FTBFS:
* gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214)
* Upstream issue: dev.gnupg.org/T8096
* Add gnupg-gpgscm-New-operator-long-time-t-to-detect-proper-tim.patch
- kernel-source:kernel-default
-
- ASoC: nau8821: Cancel pending work before suspend (git-fixes).
- ASoC: nau8821: Cancel delayed work on component remove
(git-fixes).
- commit b862c94
- spi: wpcm-fiu: Fix potential NULL pointer dereference in
wpcm_fiu_probe() (git-fixes).
- thermal: int340x: Fix sysfs group leak on DLVR registration
failure (stable-fixes).
- watchdog: imx7ulp_wdt: handle the nowayout option
(stable-fixes).
- wifi: ath10k: fix lock protection in
ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes).
- wifi: rtw89: pci: restore LDO setting after device resume
(stable-fixes).
- wifi: iwlwifi: mvm: check the validity of noa_len
(stable-fixes).
- wifi: ath12k: fix preferred hardware mode calculation
(stable-fixes).
- wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
(stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il4965_store_tx_power() (stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il3945_store_measurement() (stable-fixes).
- wifi: rtw89: wow: add reason codes for disassociation in WoWLAN
mode (stable-fixes).
- wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes).
- wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
(stable-fixes).
- wifi: rtw88: fix DTIM period handling when conf->dtim_period
is zero (stable-fixes).
- wifi: libertas: fix WARNING in usb_tx_block (stable-fixes).
- spi: spi-mem: Protect dirmap_create() with
spi_mem_access_start/end (stable-fixes).
- spi: spi-mem: Limit octal DTR constraints to octal DTR
situations (stable-fixes).
- spi: stm32: fix Overrun issue at < 8bpw (stable-fixes).
- spi-geni-qcom: initialize mode related registers to 0
(stable-fixes).
- spi-geni-qcom: use xfer->bits_per_word for can_dma()
(stable-fixes).
- tools/power cpupower: Reset errno before strtoull()
(stable-fixes).
- spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes).
- commit 9ae9cd6
- PCI: Add defines for bridge window indexing (stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 7f99d8e
- PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
(stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 8b1fafb
- media: dvb-net: fix OOB access in ULE extension header tables
(git-fixes).
- rtc: zynqmp: correct frequency value (stable-fixes).
- ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
(stable-fixes).
- ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
(stable-fixes).
- net: usb: catc: enable basic endpoint checking (git-fixes).
- phy: mvebu-cp110-utmi: fix dr_mode property read from dts
(stable-fixes).
- phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
(stable-fixes).
- soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded
of NUC15) (stable-fixes).
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (stable-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(stable-fixes).
- staging: rtl8723bs: fix memory leak on failure path
(stable-fixes).
- staging: rtl8723bs: fix missing status update on
sdio_alloc_irq() failure (stable-fixes).
- iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes).
- iio: Use IRQF_NO_THREAD (stable-fixes).
- Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay
to 5ms" (git-fixes).
- mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
(git-fixes).
- misc: bcm_vk: Fix possible null-pointer dereferences in
bcm_vk_read() (stable-fixes).
- misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
(stable-fixes).
- net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in
uhdlc_memclean() (git-fixes).
- nfc: nxp-nci: remove interrupt trigger type (stable-fixes).
- myri10ge: avoid uninitialized variable use (stable-fixes).
- net: usb: sr9700: remove code to drive nonexistent multicast
filter (stable-fixes).
- net: usb: r8152: fix transmit queue timeout (stable-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(stable-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes).
- PCI: Fix pci_slot_lock () device locking (stable-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(stable-fixes).
- media: rkisp1: Fix filter mode register configuration
(stable-fixes).
- media: cx25821: Fix a resource leak in cx25821_dev_setup()
(stable-fixes).
- media: pvrusb2: fix URB leak in pvr2_send_request_ex
(stable-fixes).
- media: solo6x10: Check for out of bounds chip_id (stable-fixes).
- media: adv7180: fix frame interval in progressive mode
(stable-fixes).
- media: amphion: Clear last_buffer_dequeued flag for
DEC_CMD_START (stable-fixes).
- media: omap3isp: isppreview: always clamp in
preview_try_format() (stable-fixes).
- media: omap3isp: set initial format (stable-fixes).
- media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
(stable-fixes).
- media: dvb-core: dmxdevfilter must always flush bufs
(stable-fixes).
- HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
(stable-fixes).
- HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes).
- HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
(stable-fixes).
- HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes).
- HID: magicmouse: Do not crash on missing msc->input
(stable-fixes).
- HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple
keyboards (stable-fixes).
- hwmon: (f71882fg) Add F81968 support (stable-fixes).
- hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes).
- gpio: aspeed-sgpio: Change the macro to support deferred probe
(stable-fixes).
- PCI/MSI: Unmap MSI-X region on error (stable-fixes).
- i3c: master: svc: Initialize 'dev' to NULL in
svc_i3c_master_ibi_isr() (stable-fixes).
- spi: wpcm-fiu: Fix uninitialized res (git-fixes).
- spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
(stable-fixes).
- PCI: Log bridge info when first enumerating bridge
(stable-fixes).
- PCI: Log bridge windows conditionally (stable-fixes).
- PCI: Supply bridge device, not secondary bus, to read window
details (stable-fixes).
- PCI: Move pci_read_bridge_windows() below individual window
accessors (stable-fixes).
- commit 291a680
- ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
(stable-fixes).
- drm/amdgpu: Add HAINAN clock adjustment (stable-fixes).
- drm/radeon: Add HAINAN clock adjustment (stable-fixes).
- drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amd/display: Avoid updating surface with the same surface
under MPO (stable-fixes).
- drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
(stable-fixes).
- dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes).
- dmaengine: sun6i: Choose appropriate burst length under maxburst
(stable-fixes).
- fpga: of-fpga-region: Fail if any bridge is missing
(stable-fixes).
- fix it87_wdt early reboot by reporting running timer
(stable-fixes).
- fbdev: ffb: fix corrupted video output on Sun FFB1
(stable-fixes).
- ata: libata: avoid long timeouts on hot-unplugged SATA DAS
(stable-fixes).
- Bluetooth: btusb: Add device ID for Realtek RTL8761BU
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes).
- Bluetooth: hci_conn: Set link_policy on incoming ACL connections
(stable-fixes).
- Bluetooth: hci_conn: use mod_delayed_work for active mode
timeout (stable-fixes).
- drm/atmel-hlcdc: don't reject the commit if the src rect has
fractional parts (stable-fixes).
- drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after
release (stable-fixes).
- drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state
callback (stable-fixes).
- drm: Account property blob allocations to memcg (stable-fixes).
- drm/amdkfd: Fix GART PTE for non-4K pagesize in
svm_migrate_gart_map() (stable-fixes).
- drm/amdgpu: avoid a warning in timedout job handler
(stable-fixes).
- drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes).
- drm/v3d: Set DMA segment size to avoid debug warnings
(stable-fixes).
- drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
(stable-fixes).
- drm/display/dp_mst: Add protection against 0 vcpi
(stable-fixes).
- ASoC: codecs: max98390: Check return value of
devm_gpiod_get_optional() in max98390_i2c_probe()
(stable-fixes).
- ASoC: sunxi: sun50i-dmic: Add missing check for
devm_regmap_init_mmio (stable-fixes).
- ASoC: wm8962: Don't report a microphone if it's shorted to
ground on plug (stable-fixes).
- ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
(stable-fixes).
- ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes).
- docs: fix WARNING document not included in any toctree
(stable-fixes).
- drm/amdkfd: fix debug watchpoints for logical devices
(stable-fixes).
- commit 0c8127e
- ASoC: nau8821: Consistently clear interrupts before unmasking
(git-fixes).
- Refresh
patches.suse/ASoC-nau8821-Add-DMI-quirk-to-bypass-jack-debounce-c.patch.
- commit abf4286
- ALSA: usb-audio: Add sanity check for OOB writes at silencing
(stable-fixes).
- ALSA: usb-audio: Update the number of packets properly at
receiving (stable-fixes).
- ALSA: usb-audio: Add iface reset and delay quirk for AB13X
USB Audio (stable-fixes).
- ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie
15X Pro (stable-fixes).
- APEI/GHES: ensure that won't go past CPER allocated record
(stable-fixes).
- ACPI: processor: Fix NULL-pointer dereference in
acpi_processor_errata_piix4() (stable-fixes).
- ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
(stable-fixes).
- ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
(stable-fixes).
- commit d3af28a
- cifs: add xid to query server interface call (git-fixes).
- Refresh
patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch
(bsc#1258928,bsc#1259070).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-add-xid-to-query-server-interface-call.patch.
- commit e67e831
- iommu/mediatek: fix use-after-free on probe deferral
(CVE-2025-71071 bsc#1256802).
- commit 0b777d9
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 9bb0920
- io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
(CVE-2026-23113 bsc#1258278).
- commit 2e91927
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 1c35b41
- nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
(CVE-2026-23179 bsc#1258394).
- commit 63de389
- btrfs: don't log conflicting inode if it's a dir moved in the
current transaction (bsc#1256683 CVE-2025-68778).
- commit 0cd8ff8
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit e38d2c3
- landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698).
- commit cdf3815
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- commit 5db1b51
- pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask
for 8mq vpu (CVE-2026-23116 bsc#1258277).
- commit 1905ad8
- bonding: fix use-after-free due to enslave fail after slave
array update (CVE-2026-23171 bsc#1258349).
- bonding: provide a net pointer to __skb_flow_dissect()
(CVE-2026-23119 bsc#1258273).
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- net: bonding: update the slave array for broadcast mode
(CVE-2026-23171 bsc#1258349).
- commit d461cd4
- Update
patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch
(git-fixes CVE-2025-71192 bsc#1257679).
- Update
patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch
(stable-fixes CVE-2026-23076 bsc#1257788).
- Update
patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch
(git-fixes CVE-2026-23078 bsc#1257789).
- Update
patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch
(git-fixes CVE-2026-23190 bsc#1258397).
- Update
patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch
(git-fixes CVE-2026-23151 bsc#1258237).
- Update
patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch
(git-fixes CVE-2026-23146 bsc#1258234).
- Update
patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch
(stable-fixes CVE-2026-23178 bsc#1258358).
- Update
patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch
(git-fixes CVE-2026-23221 bsc#1258660).
- Update
patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch
(git-fixes CVE-2026-23058 bsc#1257739).
- Update
patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch
(git-fixes CVE-2026-23037 bsc#1257554).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch
(git-fixes CVE-2026-23155 bsc#1258313).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch
(git-fixes CVE-2026-23082 bsc#1257715).
- Update
patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch
(stable-fixes CVE-2025-71182 bsc#1257586).
- Update
patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch
(git-fixes CVE-2026-23061 bsc#1257776).
- Update
patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23080 bsc#1257714).
- Update
patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23108 bsc#1257770).
- Update
patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch
(git-fixes CVE-2025-71231 bsc#1258424).
- Update
patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch
(git-fixes CVE-2026-23222 bsc#1258484).
- Update
patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch
(git-fixes CVE-2026-23229 bsc#1258429).
- Update
patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch
(git-fixes CVE-2025-71191 bsc#1257579).
- Update
patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch
(git-fixes CVE-2025-71190 bsc#1257580).
- Update
patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch
(git-fixes CVE-2025-71189 bsc#1257573).
- Update
patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch
(git-fixes CVE-2025-71188 bsc#1257576).
- Update
patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch
(git-fixes CVE-2026-23033 bsc#1257570).
- Update
patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch
(git-fixes CVE-2026-23026 bsc#1257562).
- Update
patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch
(git-fixes CVE-2025-71185 bsc#1257560).
- Update
patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch
(git-fixes CVE-2025-71195 bsc#1257704).
- Update patches.suse/dpll-Prevent-duplicate-registrations.patch
(git-fixes CVE-2026-23129 bsc#1258299).
- Update
patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch
(git-fixes CVE-2026-23163 bsc#1258544).
- Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch
(git-fixes CVE-2026-23170 bsc#1258379).
- Update
patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch
(git-fixes CVE-2026-23049 bsc#1257723).
- Update
patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch
(git-fixes CVE-2026-23156 bsc#1258317).
- Update
patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch
(git-fixes CVE-2026-23145 bsc#1258326).
- Update
patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch
(git-fixes CVE-2025-71199 bsc#1257750).
- Update
patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch
(git-fixes CVE-2025-71198 bsc#1257741).
- Update
patches.suse/intel_th-fix-device-leak-on-output-open.patch
(git-fixes CVE-2026-23091 bsc#1257813).
- Update
patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch
(git-fixes CVE-2026-23101 bsc#1257768).
- Update
patches.suse/mISDN-annotate-data-race-around-dev-work.patch
(git-fixes CVE-2026-23121 bsc#1258309).
- Update
patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch
(git-fixes CVE-2025-71200 bsc#1258222).
- Update
patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch
(git-fixes CVE-2026-23021 bsc#1257557).
- Update
patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch
(git-fixes CVE-2026-23172 bsc#1258519).
- Update
patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch
(git-fixes CVE-2026-23150 bsc#1258354).
- Update
patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch
(git-fixes CVE-2026-23167 bsc#1258374).
- Update
patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch
(git-fixes CVE-2025-71196 bsc#1257716).
- Update
patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch
(git-fixes CVE-2026-23176 bsc#1258256).
- Update
patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch
(git-fixes CVE-2026-23071 bsc#1257706).
- Update
patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch
(bsc#1256863 CVE-2025-71235 bsc#1258469).
- Update
patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch
(bsc#1256863 CVE-2025-71232 bsc#1258422).
- Update
patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch
(bsc#1256863 CVE-2025-71236 bsc#1258442).
- Update
patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch
(git-fixes CVE-2026-23090 bsc#1257759).
- Update
patches.suse/spi-spi-sprd-adi-Fix-double-free-in-probe-error-path.patch
(git-fixes CVE-2026-23068 bsc#1257805).
- Update
patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch
(git-fixes CVE-2026-23182 bsc#1258259).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch
(git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch
(git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338).
- Update
patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch
(git-fixes CVE-2026-23063 bsc#1257722).
- Update
patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch
(git-fixes CVE-2026-23096 bsc#1257809).
- Update
patches.suse/uacce-fix-isolate-sysfs-check-condition.patch
(git-fixes CVE-2026-23094 bsc#1257811).
- Update
patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch
(git-fixes CVE-2026-23056 bsc#1257729).
- Update
patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch
(git-fixes CVE-2025-71197 bsc#1257743).
- Update
patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23133 bsc#1258249).
- Update
patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23135 bsc#1258245).
- Update
patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch
(git-fixes CVE-2026-23152 bsc#1258252).
- Update
patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch
(stable-fixes CVE-2025-71224 bsc#1258824).
- Update
patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch
(git-fixes CVE-2026-23073 bsc#1257707).
- Update
patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch
(git-fixes CVE-2025-71234 bsc#1258419).
- Update
patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch
(git-fixes CVE-2025-71229 bsc#1258415).
- Update
patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch
(stable-fixes CVE-2025-71222 bsc#1258279).
- commit 30080c1
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit 2028384
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 821259f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit 1325cd1
- ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
(CVE-2026-23166 bsc#1258272).
- net/mlx5e: TC, delete flows only for existing peers
(CVE-2026-23173 bsc#1258520).
- commit 1315a36
- device property: Allow secondary lookup in
fwnode_get_next_child_node() (git-fixes).
- commit 13b0bcb
- ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB
Audio 2.0 (stable-fixes).
- ALSA: usb-audio: Check max frame size for implicit feedback
mode, too (stable-fixes).
- commit 94dd673
- PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes).
- mmc: mmci: Fix device_node reference leak in
of_get_dml_pipe_index() (git-fixes).
- ALSA: usb-audio: Use correct version for UAC3 header validation
(git-fixes).
- ALSA: usb-audio: Use inclusive terms (git-fixes).
- ALSA: usb-audio: Cap the packet size pre-calculations
(git-fixes).
- ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite
devices (git-fixes).
- drm/bridge: samsung-dsim: Fix memory leak in error path
(git-fixes).
- drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used
(git-fixes).
- drm/logicvc: Fix device node reference leak in
logicvc_drm_config_parse() (git-fixes).
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (git-fixes).
- drm/vmwgfx: Fix invalid kref_put callback in
vmw_bo_dirty_release (git-fixes).
- commit b1fa310
- scsi: core: Wake up the error handler when final completions
race against each other (CVE-2026-23110 bsc#1257761).
- commit 59f5efa
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 3cd007f
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 5bf422c
- netfilter: nf_conncount: update last_gc only when GC has been
performed (CVE-2026-23139 bsc#1258304).
- commit 9a70b26
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181).
- commit 56db8af
- ipmi: ipmb: initialise event handler read bytes (git-fixes).
- wifi: mac80211: fix NULL pointer dereference in
mesh_rx_csa_frame() (git-fixes).
- wifi: mac80211: bounds-check link_id in
ieee80211_ml_reconfiguration (git-fixes).
- wifi: radiotap: reject radiotap with unknown bits (git-fixes).
- wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
(git-fixes).
- wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes).
- net: usb: kaweth: validate USB endpoints (git-fixes).
- net: usb: kalmia: validate USB endpoints (git-fixes).
- nfc: pn533: properly drop the usb interface reference on
disconnect (git-fixes).
- Bluetooth: L2CAP: Fix missing key size check for
L2CAP_LE_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix not checking output MTU is acceptable
on L2CAP_ECRED_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes).
- Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
(git-fixes).
- net: usb: pegasus: enable basic endpoint checking (git-fixes).
- net: wan: farsync: Fix use-after-free bugs caused by unfinished
tasklets (git-fixes).
- net: usb: lan78xx: scan all MDIO addresses on LAN7801
(git-fixes).
- net: usb: kaweth: remove TX queue manipulation in
kaweth_set_rx_mode (git-fixes).
- commit d2c7de0
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 2e0cb69
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(CVE-2026-23213 bsc#1258465).
- commit bec3979
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(CVE-2026-23213 bsc#1258465).
- commit 3b81ead
- media: dvb-core: fix wrong reinitialization of ringbuffer on
reopen (git-fixes).
- commit ba51966
- NFS: Fix a deadlock involving nfs_release_folio()
(CVE-2026-23053 bsc#1257718).
- commit 492ba43
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit e973f50
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing
memslot (CVE-2025-68810 bsc#1256679).
- commit a9c2c12
- md: suspend array while updating raid_disks via sysfs
(CVE-2025-71225, bsc#1258411).
- commit 22f1953
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 069aa1f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit f42de87
- Move upstreamed mm and SCSI patches into sorted section
- commit 2b576e9
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only
(bsc#1258464 CVE-2026-23214).
- commit c375a48
- net: fix memory leak in skb_segment_list for GRO packets
(CVE-2026-22979 bsc#1257228).
- commit 59160d7
- rpm/check-for-config-changes: add OPENSSL_SUPPORTS_ to IGNORED_CONFIGS_RE
Config option OPENSSL_SUPPORTS_ML_DSA was introduced by mainline commit
0ad9a71933e7 ("modsign: Enable ML-DSA module signing") in 7.0-rc1
- commit 21b4616
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit eaf1535
- bonding: only set speed/duplex to unknown, if getting speed
failed (bsc#1253691).
- commit 0b66a07
- rtc: interface: Alarm race handling should not discard preceding
error (git-fixes).
- commit f96272c
- NTB: ntb_transport: Fix too small buffer for debugfs_name
(git-fixes).
- commit 269c576
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 895c473
- ASoC: rockchip: i2s-tdm: Use param rate if not provided by
set_sysclk (git-fixes).
- drm/amd/display: Use same max plane scaling limits for all 64
bpp formats (git-fixes).
- drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
(git-fixes).
- drm/i915/acpi: free _DSM package when no connectors (git-fixes).
- drm/amd: Fix hang on amdgpu unload by using
pci_dev_is_disconnected() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
(git-fixes).
- efi: Fix reservation of unaccepted memory table (git-fixes).
- commit 2183b13
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for
reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- net: nfc: nci: Fix parameter validation for packet data
(git-fixes).
- atm: fore200e: fix use-after-free in tasklets during device
removal (git-fixes).
- USB: serial: option: add Telit FN920C04 RNDIS compositions
(stable-fixes).
- fbdev: smscufx: properly copy ioctl memory to kernelspace
(stable-fixes).
- bus: fsl-mc: fix use-after-free in driver_override_show()
(git-fixes).
- ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes).
- ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9
(stable-fixes).
- platform/x86: classmate-laptop: Add missing NULL pointer checks
(stable-fixes).
- platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro
(stable-fixes).
- platform/x86: panasonic-laptop: Fix sysfs group leak in error
path (stable-fixes).
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock
(stable-fixes).
- drm/tegra: hdmi: sor: Fix error: variable ājā set but not
used (stable-fixes).
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in
sysfs show functions (stable-fixes).
- commit 436dcdb
- config.conf: Drop armv7hl builds
commit 09ee386c4ae dropped support for armv7hl
in SLE15-SP7, SUSE-2024 never supported it,
therefore, no branch downstream of fixes/linux-6.4
supports this arch (bsc#1255265).
- commit 5dc5aaf
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 114f0d2
- ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online
CPUs (git-fixes).
- ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
(git-fixes).
- powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version
check (git-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments
(git-fixes).
- commit 700df2d
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit f8259ad
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit e8190a1
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit 2a01723
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- Workaround for hybrid git workflow in SLFO 1.0/1.1
- commit 7ab5a74
- dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
(git-fixes).
- usb: dwc2: fix resume failure if dr_mode is host (git-fixes).
- usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
(git-fixes).
- usb: bdc: fix sleep during atomic (git-fixes).
- serial: SH_SCI: improve "DMA support" prompt (git-fixes).
- serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes).
- staging: rtl8723bs: fix null dereference in find_network
(git-fixes).
- iio: sca3000: Fix a resource leak in sca3000_probe()
(git-fixes).
- iio: gyro: itg3200: Fix unchecked return value in read_raw
(git-fixes).
- drivers: iio: mpu3050: use dev_err_probe for regulator request
(git-fixes).
- fpga: dfl: use subsys_initcall to allow built-in drivers to
be added (git-fixes).
- commit e89b2ea
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit 27fe347
- leds: qcom-lpg: Check the return value of regmap_bulk_write()
(git-fixes).
- backlight: qcom-wled: Change PM8950 WLED configurations
(git-fixes).
- backlight: qcom-wled: Support ovp values for PMI8994
(git-fixes).
- mfd: arizona: Fix regulator resource leak on
wm5102_clear_write_sequencer() failure (git-fixes).
- mfd: core: Add locking around 'mfd_of_node_list' (git-fixes).
- mfd: tps6105x: Fix kernel-doc warnings relating to the core
struct and tps6105x_mode (git-fixes).
- Revert "mfd: da9052-spi: Change read-mask to write-mask"
(stable-fixes).
- pinctrl: single: fix refcount leak in pcs_add_gpio_func()
(git-fixes).
- pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
(git-fixes).
- pinctrl: equilibrium: Fix device node reference leak in
pinbank_init() (git-fixes).
- Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB
(stable-fixes).
- commit 516fe60
- Input: stmfts - make comments correct (git-fixes).
- Input: stmfts - correct wording for the warning message
(git-fixes).
- clk: qcom: gfx3d: add parent to parent request map (git-fixes).
- clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
(git-fixes).
- clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: rcg2: compute 2d using duty fraction directly
(git-fixes).
- clk: mediatek: Fix error handling in runtime PM setup
(git-fixes).
- clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes).
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
(git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak in
tegra124_clk_register_emc() (git-fixes).
- clk: tegra: tegra124-emc: fix device leak on set_rate()
(git-fixes).
- clk: clk-apple-nco: Add "apple,t8103-nco" compatible
(git-fixes).
- clk: renesas: rzg2l: Select correct div round macro (git-fixes).
- clk: renesas: rzg2l: Fix intin variable size (git-fixes).
- fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
(git-fixes).
- fbdev: of: display_timing: fix refcount leak in
of_get_display_timings() (git-fixes).
- fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes).
- fbcon: check return value of con2fb_acquire_newinfo()
(git-fixes).
- fbdev: rivafb: fix divide error in nv3_arb() (git-fixes).
- rpmsg: core: fix race in driver_override_show() and use core
helper (git-fixes).
- commit b135afb
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- commit 2fe2c66
- crypto: ccp - Add an S4 restore flow (git-fixes).
- tools/power/x86/intel-speed-select: Fix file descriptor leak
in isolate_cpus() (git-fixes).
- mtd: rawnand: pl353: Fix software ECC support (git-fixes).
- mtd: spinand: Fix kernel doc (git-fixes).
- mtd: rawnand: cadence: Fix return type of CDMA send-and-wait
helper (git-fixes).
- mtd: parsers: ofpart: fix OF node refcount leak in
parse_fixed_partitions() (git-fixes).
- mtd: parsers: Fix memory leak in
mtd_parser_tplink_safeloader_parse() (git-fixes).
- commit 766aa67
- ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763).
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
(CVE-2026-23035 bsc#1257559).
- idpf: fix error handling in the init_task on load
(CVE-2026-23017 bsc#1257552).
- commit fb93c36
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
(git-fixes).
- power: supply: wm97xx: Fix NULL pointer dereference in
power_supply_changed() (git-fixes).
- power: supply: bq27xxx: fix wrong errno when bus ops are
unsupported (git-fixes).
- power: reset: nvmem-reboot-mode: respect cell size for
nvmem_cell_write (git-fixes).
- power: supply: sbs-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: rt9455: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: goldfish: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: cpcap-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq25980: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq256xx: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: act8945a: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: ab8500: Fix use-after-free in
power_supply_changed() (git-fixes).
- ata: pata_ftide010: Fix some DMA timings (git-fixes).
- rapidio: replace rio_free_net() with kfree() in
rio_scan_alloc_net() (git-fixes).
- commit 46137a2
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 75a3dd5
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit a17643b
- Update upstreamed net and powerpc patch references and sorting
- commit 638a424
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit 1d88ad6
- vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057).
- commit 09262b6
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit f5cd5c5
- wifi: ath10k: sdio: add missing lock protection in
ath10k_sdio_fw_crashed_dump() (git-fixes).
- wifi: ath9k: fix kernel-doc warnings in common-debug.h
(git-fixes).
- wifi: ath9k: debug.h: fix kernel-doc bad lines and struct
ath_tx_stats (git-fixes).
- wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes).
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
(git-fixes).
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
(git-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh
(git-fixes).
- soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
(git-fixes).
- soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in
cmd_db_dev_probe (git-fixes).
- soc: qcom: smem: handle ENOMEM error during probe (git-fixes).
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt
twice (stable-fixes).
- wifi: mac80211: correctly check if CSA is active (stable-fixes).
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates
(stable-fixes).
- wifi: mac80211: collect station statistics earlier when
disconnect (stable-fixes).
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(stable-fixes).
- wifi: wlcore: ensure skb headroom before skb_push
(stable-fixes).
- commit 7dd6fbf
- PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
(git-fixes).
- PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
(git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI/portdrv: Fix potential resource leak (git-fixes).
- PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes).
- PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page()
fails (git-fixes).
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(git-fixes).
- Revert "PCI/IOV: Add PCI rescan-remove locking when
enabling/disabling SR-IOV" (git-fixes).
- PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes).
- PCI: Initialize RCB from pci_configure_device() (git-fixes).
- PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
(git-fixes).
- regulator: core: move supply check earlier in
set_machine_constraints() (git-fixes).
- regulator: core: fix locking in regulator_resolve_supply()
error path (git-fixes).
- platform/chrome: cros_ec_lightbar: Fix response size
initialization (git-fixes).
- platform/chrome: cros_typec_switch: Don't touch struct
fwnode_handle::dev (git-fixes).
- soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
(git-fixes).
- soc: ti: k3-socinfo: Fix regmap leak on probe failure
(git-fixes).
- regmap: maple: free entry on mas_store_gfp() failure
(stable-fixes).
- commit 5d29d16
- nfc: hci: shdlc: Stop timers and work before freeing context
(git-fixes).
- PCI: Do not attempt to set ExtTag for VFs (git-fixes).
- PCI: endpoint: Fix swapped parameters in
pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes).
- media: uvcvideo: Fix allocation for small frame sizes
(git-fixes).
- media: venus: vdec: fix error state assignment for zero
bytesused (git-fixes).
- media: ccs: Accommodate C-PHY into the calculation (git-fixes).
- media: i2c: ov5647: use our own mutex for the ctrl lock
(git-fixes).
- media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
(git-fixes).
- media: i2c: ov5647: Sensor should report RAW color space
(git-fixes).
- media: i2c: ov5647: Correct minimum VBLANK value (git-fixes).
- media: i2c: ov5647: Correct pixel array offset (git-fixes).
- media: i2c: ov5647: Initialize subdev before controls
(git-fixes).
- media: ccs: Avoid possible division by zero (git-fixes).
- media: qcom: camss: vfe: Fix out-of-bounds access in
vfe_isr_reg_update() (git-fixes).
- media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
(git-fixes).
- media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
(git-fixes).
- media: cx25821: Add missing unmap in snd_cx25821_hw_params()
(git-fixes).
- media: cx23885: Add missing unmap in snd_cx23885_hw_params()
(git-fixes).
- media: cx88: Add missing unmap in snd_cx88_hw_params()
(git-fixes).
- net: usb: sr9700: support devices with virtual driver CD
(stable-fixes).
- commit b9e0ae7
- drm/msm/a2xx: fix pixel shader start on A225 (git-fixes).
- drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes).
- drm/buddy: Prevent BUG_ON by validating rounded allocation
(git-fixes).
- drm/tegra: dsi: fix device leak on probe (git-fixes).
- media: radio-keene: fix memory leak in error path (git-fixes).
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
(git-fixes).
- media: mtk-mdp: Fix error handling in probe function
(git-fixes).
- HID: hid-pl: handle probe errors (git-fixes).
- HID: playstation: Add missing check for input_ff_create_memless
(git-fixes).
- Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
(git-fixes).
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler
optimization induced race (git-fixes).
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30
(2d99:a101) (stable-fixes).
- HID: i2c-hid: fix potential buffer overflow in
i2c_hid_get_report() (stable-fixes).
- HID: quirks: Add another Chicony HP 5MP Cameras to
hid_ignore_list (stable-fixes).
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
(stable-fixes).
- HID: intel-ish-hid: Reset enum_devices_done before enumeration
(stable-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device
ID table (stable-fixes).
- HID: playstation: Center initial joystick axes to prevent
spurious events (stable-fixes).
- commit a4d4518
- Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
(git-fixes).
- ASoC: amd: drop unused Kconfig symbols (git-fixes).
- ASoC: pxa: drop unused Kconfig symbol (git-fixes).
- ASoC: SOF: ipc4-control: Keep the payload size up to date
(git-fixes).
- ASoC: SOF: ipc4-control: Use the correct size for
scontrol->ipc_control_data (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the allocation size for
bytes controls (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes
update (git-fixes).
- bus: fsl-mc: fix an error handling in fsl_mc_device_add()
(git-fixes).
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
(stable-fixes).
- ASoC: tlv320adcx140: Propagate error codes during probe
(stable-fixes).
- ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes).
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
(stable-fixes).
- commit cd7803f
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes).
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
correctly (git-fixes).
- crypto: virtio - Remove duplicated virtqueue_kick in
virtio_crypto_skcipher_crypt_req (git-fixes).
- crypto: virtio - Add spinlock protection with virtqueue
notification (git-fixes).
- crypto: hisilicon/sec2 - support skcipher/aead fallback for
hardware queue unavailable (git-fixes).
- crypto: octeontx - fix dma_free_coherent() size (git-fixes).
- crypto: cavium - fix dma_free_coherent() size (git-fixes).
- crypto: iaa - Fix out-of-bounds index in
find_empty_iaa_compression_mode (git-fixes).
- crypto: octeontx - Fix length check to avoid truncation in
ucode_load_store (git-fixes).
- crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes).
- crypto: qat - fix parameter order used in
ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes).
- Documentation: mailbox: mbox_chan_ops.flush() is optional
(git-fixes).
- commit ef8920f
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit e3370c0
- arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107)
- commit c430300
- arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102)
- commit 6759c0c
- arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772 CVE-2026-23102)
- commit 1baf93e
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons
(bsc#1257942 bsc#1257246 CVE-2026-23003).
- commit 3935902
- vxlan: Pull inner IP header in vxlan_xmit_one() (bsc#1257942
bsc#1257246 CVE-2026-23003).
- commit 8097957
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
(git-fixes).
- PM: wakeup: Handle empty list in wakeup_sources_walk_start()
(git-fixes).
- ACPICA: Fix NULL pointer dereference in
acpi_ev_address_space_dispatch() (git-fixes).
- tpm: st33zp24: Fix missing cleanup on get_burstcount() error
(git-fixes).
- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount()
failure (git-fixes).
- i3c: dw: Initialize spinlock to avoid upsetting lockdep
(git-fixes).
- i3c: Move device name assignment after i3c_bus_init (git-fixes).
- auxdisplay: arm-charlcd: fix release_mem_region() size
(git-fixes).
- commit b423671
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit c09ea34
- spi: tegra114: Preserve SPI mode bits in def_command1_reg
(git-fixes).
- spi: tegra: Fix a memory leak in tegra_slink_probe()
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer clearing in
tegra_qspi_non_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer in
tegra_qspi_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer assignment in
tegra_qspi_setup_transfer_one (git-fixes).
- spi: tegra210-quad: Move curr_xfer read inside spinlock
(git-fixes).
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already
processed transfer (git-fixes).
- commit 95b4070
- ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machine (stable-fixes).
- ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list
(stable-fixes).
- ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel
(stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound (stable-fixes).
- commit e53fbb8
- ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update()
(git-fixes).
- hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes).
- drm/amd/display: fix wrong color value mapping on MCM shaper
LUT (git-fixes).
- Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
(git-fixes).
- drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes).
- efivarfs: fix error propagation in efivar_entry_get()
(git-fixes).
- ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO
(stable-fixes).
- gpio: pca953x: mask interrupts in irq shutdown (stable-fixes).
- drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/soc21: fix xclk for APUs (stable-fixes).
- pinctrl: meson: mark the GPIO controller as sleeping
(git-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- commit 1cabea4
- net: openvswitch: fix middle attribute validation in push_nsh()
action (CVE-2025-68785 bsc#1256640).
- commit 3dbef50
- clocksource: Reduce watchdog readout delay limit to prevent
false positives (bsc#1241345).
- commit 6736e91
- clocksource: Print durations for sync check unconditionally
(bsc#1241345).
- commit 79738b2
- iomap: account for unaligned end offsets when truncating read
range (git-fixes).
- blacklist.conf: Blacklist 40a71b53d5a6 and 524c3853831c
- commit 6f0c964
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
(git-fixes).
- commit c2e8303
- mptcp: avoid deadlock on fallback while reinjecting
(CVE-2025-71126 bsc#1256755).
- mptcp: reset fallback status gracefully at disconnect() time
(CVE-2025-71126 bsc#1256755).
- commit 3b7ecc1
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 2b67457
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 167d4d3
- platform/x86: intel_telemetry: Fix PSS event register mask
(git-fixes).
- platform/x86: intel_telemetry: Fix swapped arrays in PSS output
(git-fixes).
- platform/x86: toshiba_haps: Fix memory leaks in add/remove
routines (git-fixes).
- commit 41b7ff7
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
(git-fixes).
- commit b2c29ef
- util-linux:systemd
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- util-linux
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- libxslt
-
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
- gnutls
-
- Add the functionality to allow to specify the hash algorithm for
the PSK. This fixes a bug in the current implementation where the
binder is always calculated with SHA256.
* (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
* lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
* tests/psk-file: Add testing for _credentials2 functions
* lib/psk: add null check for binder algo
* pre_shared_key: fix memleak when retrying with different binder algo
* pre_shared_key: add null check on pskcred
* Add patches:
- gnutls-PSK-hash.patch
- gnutls-PSK-hash-tests.patch
- gnutls-PSK-hash-NULL-check.patch
- gnutls-PSK-hash-NULL-check-pskcred.patch
- gnutls-PSK-hash-fix-memleak.patch
- Security fix:
* CVE-2025-14831: DoS via excessive resource consumption during
certificate verification (bsc#1257960)
* Add gnutls-CVE-2025-14831.patch
- python311:base
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet
(bsc#1257108, gh#python/cpython#125346)
CVE-2025-12781-b64decode-alt-chars.patch
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- zlib
-
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
crc32_combine_gen64 functions due to missing checks for negative
lengths (bsc#1258392)
* CVE-2026-27171.patch
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
overflow in zipOpenNewFileInZip4_6, bsc#1216378
* CVE-2023-45853.patch
- openssh
-
- Add openssh-7.7p1-gssapi-new-unique.patch (bsc#1258166). This
allows using SSSD with a non-file backend.
- Add openssh-cve-2025-61984-username-validation.patch
(bsc#1251198, CVE-2025-61984).
- Add openssh-cve-2025-61985-nul-url-encode.patch
(bsc#1251199, CVE-2025-61985).
- python-cryptography
-
- CVE-2026-26007: Subgroup Attack Due to Missing Subgroup
Validation for SECT Curves (bsc#1258074)
* added CVE-2026-26007.patch
- python311
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet
(bsc#1257108, gh#python/cpython#125346)
CVE-2025-12781-b64decode-alt-chars.patch
- read-only-root-fs
-
- Add patch to fix workaround for read-only / subvolumes (bsc#1252892):
* 0001-Fix-workaround-for-read-only-subvolumes-by-remountin.patch
- server-attestation-image
-
n/a
- server-hub-xmlrpc-api-image
-
n/a
- server-image
-
n/a
- server-migration-14-16-image
-
n/a
- server-postgresql-image
-
n/a
- server-saline-image
-
n/a