- bind
-
- Upgrade to release 9.20.18
Security Fixes:
* Fix incorrect length checks for BRID and HHIT records.
(CVE-2025-13878)
[bsc#1256997]
Feature Changes:
* Add more information to the rndc recursing output about
fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.
Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to
load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3
opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in
chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after
retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal
options.
* Prevent assertion failures of dig when a server is specified
before the -b option.
* Skip buffer allocations if not logging.
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- glibc
-
- memalign-overflow-check.patch: memalign: reinstate alignment overflow
check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache
contention workloads (bsc#1256437, BZ #33704)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- kernel-default
-
- ext4: use optimized mballoc scanning regardless of inode format
(bsc#1254378).
- commit aa95fec
- mlx5: Fix default values in create CQ (CVE-2025-68209
bsc#1255230).
- commit e7dee05
- x86/microcode/AMD: Select which microcode patch to load
(bsc#1256528).
- Refresh
patches.suse/x86-microcode-AMD-Handle-the-case-of-no-BIOS-microcode.patch.
- commit 3b809fe
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix
Halo (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
(bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking
(bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known
generations (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples
(bsc#1256528).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final
(bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load
microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block
loading of any unreleased standalone Zen5 microcode patches
(bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
(bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check
(bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches
(bsc#1256528).
- commit ed14359
- bpf: Fix invalid prog->stats access when update_effective_progs
fails (CVE-2025-68742 bsc#1255707).
- commit 53d4b3c
- bpf: Improve program stats run-time calculation (CVE-2025-68742
bsc#1255707).
- commit 4ed738f
- mlx5: Fix default values in create CQ (CVE-2025-68209
bsc#1255230).
- commit dce9b13
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 46a797f
- bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242)
- commit 85b99e2
- tracing: Fix access to trace_event_file (bsc#1254373).
- commit 768b257
- Move out-of-tree patches into the right section
- commit 314797b
- drm/sched: Fix race in drm_sched_entity_select_rq() (git-fixes).
- commit d597802
- virtio_console: fix order of fields cols and rows
(stable-fixes).
- commit 0d412d7
- drm/amdgpu: Forward VMID reservation errors (git-fixes).
- commit a7344a2
- pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling
(stable-fixes).
- Refresh
patches.suse/pinctrl-single-fix-bias-pull-up-down-handling-in-pin.patch.
- commit bc41b99
- usb: ohci-nxp: fix device leak on probe failure (git-fixes).
- usb: usb-storage: Maintain minimal modifications to the
bcdDevice range (git-fixes).
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042
quirk table (stable-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
(stable-fixes).
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure() (git-fixes).
- i2c: designware: Disable SMBus interrupts to prevent storms
from mis-configured firmware (stable-fixes).
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to
VGBS DMI quirks (stable-fixes).
- pinctrl: single: Fix incorrect type for error return variable
(git-fixes).
- i3c: fix refcount inconsistency in i3c_master_register
(git-fixes).
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE
parsing (stable-fixes).
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie()
parser (stable-fixes).
- USB: serial: option: move Telit 0x10c7 composition in the
right place (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 new
compositions (stable-fixes).
- USB: serial: option: add Foxconn T99W760 (stable-fixes).
- USB: serial: ftdi_sio: match on interface number for jtag
(stable-fixes).
- usb: usb-storage: No additional quirks need to be added to
the EL-R12 optical drive (stable-fixes).
- usb: dwc2: fix hang during shutdown if set as peripheral
(git-fixes).
- usb: xhci: limit run_graceperiod for only usb 3.0 devices
(stable-fixes).
- usb: typec: ucsi: Handle incorrect num_connectors capability
(stable-fixes).
- usbip: Fix locking bug in RT-enabled kernels (stable-fixes).
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
(stable-fixes).
- serial: add support of CPCI cards (stable-fixes).
- char: applicom: fix NULL pointer dereference in ac_ioctl
(stable-fixes).
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for
gcc complains (stable-fixes).
- fbdev: gbefb: fix to use physical address instead of dma address
(stable-fixes).
- via_wdt: fix critical boot hang due to unnamed resource
allocation (stable-fixes).
- ipmi: Fix __scan_channels() failing to rescan channels
(stable-fixes).
- ipmi: Fix the race between __scan_channels() and
deliver_response() (stable-fixes).
- reset: fix BIT macro reference (stable-fixes).
- firmware: imx: scu-irq: Init workqueue before request mbox
channel (stable-fixes).
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
(stable-fixes).
- mmc: sdhci-msm: Avoid early clock doubling during HS400
transition (stable-fixes).
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation
of appl_ptr (git-fixes).
- media: amphion: Remove vpu_vb_is_codecconfig (git-fixes).
- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
(stable-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840
tablet (stable-fixes).
- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1
(stable-fixes).
- ACPI: property: Use ACPI functions in
acpi_graph_get_next_endpoint() only (stable-fixes).
- ACPICA: Avoid walking the Namespace if start_node is NULL
(stable-fixes).
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration
(stable-fixes).
- platform/x86: acer-wmi: Ignore backlight event (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
(stable-fixes).
- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally
(stable-fixes).
- platform/x86: huawei-wmi: add keys for HONOR models
(stable-fixes).
- HID: elecom: Add support for ELECOM M-XT3URBK (018F)
(stable-fixes).
- HID: hid-input: Extend Elan ignore battery quirk to USB
(stable-fixes).
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk
list (stable-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- spi: xilinx: increase number of retries before declaring stall
(stable-fixes).
- spi: imx: keep dma request disabled before dma transfer setup
(stable-fixes).
- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series
(stable-fixes).
- Bluetooth: btrtl: Avoid loading the config file on security
chips (stable-fixes).
- media: amphion: Make some vpu_v4l2 functions static
(stable-fixes).
- usb: dwc2: disable platform lowlevel hw resources during
shutdown (stable-fixes).
- media: amphion: Add a frame flush mode for decoder
(stable-fixes).
- usb: ohci-nxp: Use helper function devm_clk_get_enabled()
(stable-fixes).
- drm/tilcdc: request and mapp iomem with devres (stable-fixes).
- media: verisilicon: g2: Use common helpers to compute chroma
and mv offsets (stable-fixes).
- media: verisilicon: Store chroma and motion vectors offset
(stable-fixes).
- i3c: master: Inherit DMA masks and parameters from parent device
(stable-fixes).
- commit bc3be49
- supported.conf: mark ksmbd unsupported
Based on discussion with Enzo Matsumiya it has tuned out that ksmbd
module is unsupported but the supported.conf entry is incorrect. Fix
that.
- commit c800e3f
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in
EEH event handling (bsc#1253262 ltc#216029).
- commit daa4104
- Update
patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch
(git-fixes CVE-2025-40294 bsc#1255181).
- Update
patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch
(git-fixes CVE-2025-40213 bsc#1253674).
- Update
patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch
(git-fixes CVE-2025-68298 bsc#1255124).
- Update
patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch
(git-fixes CVE-2025-68306 bsc#1255145).
- Update
patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch
(git-fixes CVE-2025-68749 bsc#1255724).
- Update
patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch
(stable-fixes CVE-2025-40354 bsc#1255316).
- Update
patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch
(stable-fixes CVE-2025-68190 bsc#1255131).
- Update
patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch
(stable-fixes CVE-2025-68230 bsc#1255134).
- Update
patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch
(stable-fixes CVE-2025-40339 bsc#1255428).
- Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch
(stable-fixes CVE-2025-68201 bsc#1255136).
- Update
patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch
(bsc#1243112 CVE-2025-40332 bsc#1255116).
- Update
patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch
(git-fixes CVE-2025-68184 bsc#1255220).
- Update
patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch
(git-fixes CVE-2025-68747 bsc#1255723).
- Update
patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch
(git-fixes CVE-2025-40225 bsc#1254827).
- Update
patches.suse/drm-panthor-Flush-shmem-writes-before-mapping-buffer.patch
(git-fixes CVE-2025-40276 bsc#1254824).
- Update
patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch
(git-fixes CVE-2025-68170 bsc#1255256).
- Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch
(git-fixes CVE-2025-68181 bsc#1255247).
- Update
patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch
(stable-fixes CVE-2025-68223 bsc#1255357).
- Update
patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch
(git-fixes CVE-2025-40360 bsc#1255095).
- Update
patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch
(stable-fixes CVE-2025-40340 bsc#1254996).
- Update
patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch
(git-fixes CVE-2025-68207 bsc#1255234).
- Update
patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch
(git-fixes CVE-2025-40302 bsc#1255196).
- Update
patches.suse/perf-x86-intel-Fix-KASAN-global-out-of-bounds-warning.patch
(git-fixes CVE-2025-40359 bsc#1255087).
- Update
patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch
(git-fixes CVE-2025-68195 bsc#1255259).
- commit 946dbf2
- Update
patches.suse/1260-drm-amdkfd-Add-missing-gfx11-MQD-manager-callbacks.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54261
bsc#1255879).
- Update
patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch
(git-fixes CVE-2025-40211 bsc#1254126).
- Update
patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch
(git-fixes CVE-2025-68346 bsc#1255603).
- Update
patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch
(git-fixes CVE-2025-68753 bsc#1256238).
- Update
patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch
(git-fixes CVE-2025-68347 bsc#1255706).
- Update
patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch
(git-fixes CVE-2025-68345 bsc#1255601).
- Update
patches.suse/ALSA-pcm-Fix-potential-data-race-at-PCM-memory-.patch
(bsc#1012628 CVE-2023-54072 bsc#1256291).
- Update
patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch
(git-fixes CVE-2025-40275 bsc#1254829).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-memory-leaks-at-error-p.patch
(jsc#PED-6045 jsc#PED-6036 jsc#PED-6104 jsc#PED-6114
jsc#PED-6067 jsc#PED-6123 CVE-2023-54022 bsc#1255545).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch
(stable-fixes CVE-2025-40269 bsc#1255035).
- Update
patches.suse/ASoC-codecs-wcd-mbhc-v2-fix-resource-leaks-on-c.patch
(bsc#1012628 CVE-2023-53842 bsc#1254690).
- Update
patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch
(git-fixes CVE-2025-40282 bsc#1254850).
- Update
patches.suse/Bluetooth-ISO-fix-iso_conn-related-locking-and-.patch
(bsc#1012628 CVE-2023-54164 bsc#1256071).
- Update
patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch
(git-fixes CVE-2025-40284 bsc#1254860).
- Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch
(stable-fixes CVE-2025-40309 bsc#1255065).
- Update
patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch
(stable-fixes CVE-2025-40308 bsc#1255064).
- Update
patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch
(git-fixes CVE-2025-40283 bsc#1254858).
- Update
patches.suse/Bluetooth-hci_conn-return-ERR_PTR-instead-of-NU.patch
(bsc#1012628 CVE-2023-54038 bsc#1255540).
- Update
patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch
(git-fixes CVE-2025-40301 bsc#1255193).
- Update
patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch
(git-fixes CVE-2025-68305 bsc#1255169).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-.patch
(bsc#1012628 CVE-2023-54210 bsc#1255955).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-for-h.patch
(git-fixes CVE-2023-53828 bsc#1254623).
- Update
patches.suse/Bluetooth-hci_sync-Fix-UAF-in-hci_disconnect_all_syn.patch
(git-fixes CVE-2023-53762 bsc#1254606).
- Update
patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch
(git-fixes CVE-2025-40318 bsc#1254798).
- Update
patches.suse/FS-JFS-Check-for-read-only-mounted-filesystem-i.patch
(bsc#1012628 CVE-2023-53766 bsc#1255005).
- Update
patches.suse/HID-hidraw-fix-data-race-on-device-refcount.patch
(bsc#1012628 CVE-2023-53759 bsc#1254663).
- Update
patches.suse/HID-uclogic-Correct-devm-device-reference-for-hidinp.patch
(git-fixes CVE-2023-54207 bsc#1255961).
- Update
patches.suse/HID-wacom-Use-ktime_t-rather-than-int-when-deal.patch
(bsc#1012628 CVE-2023-53797 bsc#1254733).
- Update
patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch
(stable-fixes CVE-2025-40263 bsc#1255077).
- Update
patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch
(git-fixes CVE-2025-40262 bsc#1254840).
- Update
patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch
(git-fixes CVE-2025-68217 bsc#1255221).
- Update
patches.suse/KVM-SVM-Get-source-vCPUs-from-source-VM-for-SEV-ES-i.patch
(git-fixes CVE-2023-54296 bsc#1255793).
- Update
patches.suse/KVM-s390-pv-fix-index-value-of-replaced-ASCE.patch
(bsc#1012628 CVE-2023-54092 bsc#1256370).
- Update patches.suse/MIPS-KVM-Fix-NULL-pointer-dereference.patch
(bsc#1012628 CVE-2023-54241 bsc#1255838).
- Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch
(git-fixes CVE-2025-40324 bsc#1254791).
- Update
patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch
(git-fixes CVE-2025-40273 bsc#1254828).
- Update patches.suse/PCI-DOE-Fix-destroy_work_on_stack-race.patch
(git-fixes CVE-2023-54235 bsc#1255921).
- Update
patches.suse/PCI-Free-released-resource-after-coalescing.patch
(git-fixes CVE-2023-53743 bsc#1254782).
- Update
patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch
(git-fixes CVE-2025-40219 bsc#1254518).
- Update
patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch
(stable-fixes CVE-2025-68176 bsc#1255329).
- Update
patches.suse/RDMA-bnxt_re-Prevent-handling-any-completions-a.patch
(bsc#1012628 CVE-2023-54048 bsc#1256395).
- Update
patches.suse/RDMA-efa-Fix-wrong-resources-deallocation-order.patch
(git-fixes CVE-2023-54201 bsc#1255964).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-completion-stat.patch
(bsc#1012628 CVE-2023-54302 bsc#1255792).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-request-done.patch
(bsc#1012628 CVE-2023-54292 bsc#1255800).
- Update
patches.suse/Revert-IB-isert-Fix-incorrect-release-of-isert-conne.patch
(git-fixes CVE-2023-54219 bsc#1256231).
- Update
patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch
(stable-fixes CVE-2025-40311 bsc#1255068).
- Update
patches.suse/accel-qaic-Clean-up-integer-overflow-checking-.patch
(bsc#1012628 CVE-2023-53778 bsc#1254761).
- Update
patches.suse/af_unix-Fix-data-race-around-unix_tot_inflight.patch
(git-fixes CVE-2023-54006 bsc#1255591).
- Update patches.suse/amba-bus-fix-refcount-leak.patch (git-fixes
CVE-2023-54230 bsc#1255925).
- Update
patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch
(stable-fixes CVE-2025-40310 bsc#1255041).
- Update
patches.suse/amdgpu-validate-offset_in_bo-of-drm_amdgpu_gem_.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53819
bsc#1254712).
- Update patches.suse/arm64-mm-fix-VA-range-sanity-check.patch
(bsc#1012628 CVE-2023-53989 bsc#1256302).
- Update
patches.suse/arm64-set-__exception_irq_entry-with-__irq_entr.patch
(bsc#1012628 CVE-2023-54322 bsc#1255763).
- Update
patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch
(git-fixes CVE-2025-68339 bsc#1255505).
- Update
patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch
(git-fixes CVE-2023-54045 bsc#1256285).
- Update
patches.suse/autofs-fix-memory-leak-of-waitqueues-in-autofs_catat.patch
(git-fixes CVE-2023-54134 bsc#1256106).
- Update
patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch
(git-fixes CVE-2025-68758 bsc#1255944).
- Update
patches.suse/bcache-fixup-btree_cache_wait-list-damage.patch
(bsc#1012628 CVE-2023-54293 bsc#1255801).
- Update patches.suse/binder-fix-memory-leak-in-binder_init.patch
(bsc#1012628 CVE-2023-54005 bsc#1255629).
- Update
patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch
(bsc#1216062 CVE-2023-54271 bsc#1255902).
- Update
patches.suse/blk-cgroup-hold-queue_lock-when-removing-blkg-.patch
(bsc#1012628 CVE-2023-54088 bsc#1256263).
- Update
patches.suse/blk-mq-fix-tags-leak-when-shrink-nr_hw_queues.patch
(bsc#1216436 CVE-2023-54227 bsc#1255952).
- Update
patches.suse/block-fix-blktrace-debugfs-entries-leakage.patch
(bsc#1012628 CVE-2023-54209 bsc#1255963).
- Update
patches.suse/block-rq_qos-protect-rq_qos-apis-with-a-new-loc.patch
(bsc#1012628 CVE-2023-53823 bsc#1254691).
- Update
patches.suse/bpf-Address-KCSAN-report-on-bpf_lru_list.patch
(bsc#1012628 CVE-2023-54283 bsc#1255809).
- Update
patches.suse/bpf-Disable-preemption-in-bpf_event_output.patch
(bsc#1012628 CVE-2023-54173 bsc#1255996).
- Update
patches.suse/bpf-Disable-preemption-in-bpf_perf_event_outpu.patch
(bsc#1012628 CVE-2023-54303 bsc#1255785).
- Update
patches.suse/bpf-Fix-issue-in-verifying-allow_ptr_leaks.patch
(jsc#PED-6811 CVE-2023-54181 bsc#1255988).
- Update
patches.suse/bpf-Silence-a-warning-in-btf_type_id_size.patch
(bsc#1012628 CVE-2023-54247 bsc#1255892).
- Update
patches.suse/bpf-bpf_sk_storage-Fix-invalid-wait-context-lockdep-.patch
(jsc#PED-6811 CVE-2023-53857 bsc#1254648).
- Update
patches.suse/bpf-drop-unnecessary-user-triggerable-WARN_ONCE.patch
(bsc#1012628 CVE-2023-54145 bsc#1256090).
- Update
patches.suse/bpf-sockmap-Fix-skb-refcnt-race-after-locking-change.patch
(jsc#PED-6811 CVE-2023-53836 bsc#1254693).
- Update
patches.suse/btrfs-fix-incorrect-splitting-in-btrfs_drop_ex.patch
(bsc#1012628 CVE-2023-54121 bsc#1256267).
- Update
patches.suse/btrfs-fix-lockdep-splat-and-potential-deadlock-after.patch
(git-fixes CVE-2023-54224 bsc#1255951).
- Update
patches.suse/btrfs-fix-race-between-balance-and-cancel-pause.patch
(bsc#1012628 CVE-2023-54023 bsc#1256301).
- Update
patches.suse/btrfs-fix-race-when-deleting-free-space-root-fr.patch
(bsc#1012628 CVE-2023-54067 bsc#1256369).
- Update
patches.suse/btrfs-fix-race-when-deleting-quota-root-from-th.patch
(bsc#1012628 CVE-2023-54032 bsc#1255617).
- Update
patches.suse/btrfs-fix-warning-when-putting-transaction-with.patch
(bsc#1012628 CVE-2023-53865 bsc#1254762).
- Update
patches.suse/btrfs-release-path-before-inode-lookup-during-the-in.patch
(git-fixes CVE-2023-54281 bsc#1255820).
- Update
patches.suse/btrfs-remove-BUG_ON-s-in-add_new_free_space.patch
(bsc#1012628 CVE-2023-54185 bsc#1255984).
- Update
patches.suse/btrfs-set-page-extent-mapped-after-read_folio-in-rel.patch
(git-fixes CVE-2023-54253 bsc#1255891).
- Update
patches.suse/btrfs-zoned-fix-memory-leak-after-finding-block.patch
(bsc#1012628 CVE-2023-54297 bsc#1255795).
- Update
patches.suse/btrfs-zoned-skip-splitting-and-logical-rewriting-on-.patch
(bsc#1223731 CVE-2024-26944 CVE-2023-54080 bsc#1256367).
- Update
patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch
(git-fixes CVE-2025-68307 bsc#1255146).
- Update
patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch
(git-fixes CVE-2025-68308 bsc#1255149).
- Update
patches.suse/cifs-fix-potential-oops-in-cifs_oplock_break.patch
(bsc#1012628 CVE-2023-54258 bsc#1255886).
- Update
patches.suse/cifs-fix-session-state-check-in-reconnect-to-a.patch
(bsc#1012628 CVE-2023-53794 bsc#1255163).
- Update
patches.suse/clk-clocking-wizard-Fix-Oops-in-clk_wzrd_regist.patch
(bsc#1012628 CVE-2023-53807 bsc#1254724).
- Update
patches.suse/clk-imx93-fix-memory-leak-and-missing-unwind-go.patch
(bsc#1012628 CVE-2023-54221 bsc#1255842).
- Update
patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch
(git-fixes CVE-2025-68332 bsc#1255483).
- Update
patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch
(git-fixes CVE-2025-68257 bsc#1255167).
- Update
patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch
(git-fixes CVE-2025-68258 bsc#1255182).
- Update
patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch
(git-fixes CVE-2025-68335 bsc#1255480).
- Update
patches.suse/crypto-api-Use-work-queue-in-crypto_destroy_instance.patch
(git-fixes CVE-2023-53799 bsc#1254732).
- Update
patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch
(git-fixes CVE-2025-68172 bsc#1255253).
- Update
patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch
(git-fixes CVE-2025-68724 bsc#1255550).
- Update
patches.suse/dccp-Fix-out-of-bounds-access-in-DCCP-error-handler.patch
(bsc#1220419 CVE-2023-53782 bsc#1254758).
- Update
patches.suse/dccp-fix-data-race-around-dp-dccps_mss_cache.patch
(bsc#1012628 CVE-2023-53839 bsc#1254655).
- Update
patches.suse/devlink-report-devlink_port_type_warn-source-de.patch
(bsc#1012628 CVE-2023-53841 bsc#1255009).
- Update
patches.suse/dm-don-t-attempt-to-queue-IO-under-RCU-protection-a9ce.patch
(jsc#PED-7514 CVE-2023-53860 bsc#1254626).
- Update
patches.suse/dm-fix-a-race-condition-in-retrieve_deps-f600.patch
(jsc#PED-7514 CVE-2023-54324 bsc#1255759).
- Update
patches.suse/driver-soc-xilinx-use-_safe-loop-iterator-to-av.patch
(bsc#1012628 CVE-2023-54101 bsc#1256153).
- Update
patches.suse/drm-amd-display-Check-NULL-before-accessing.patch
(stable-fixes CVE-2025-68286 bsc#1255351).
- Update
patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch
(git-fixes CVE-2025-68180 bsc#1255252).
- Update
patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch
(stable-fixes CVE-2025-40288 bsc#1255057).
- Update
patches.suse/drm-bridge-dw_hdmi-fix-connector-access-for-scd.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53784
bsc#1254765).
- Update
patches.suse/drm-client-Fix-memory-leak-in-drm_client_target.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54091
bsc#1256274).
- Update
patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch
(git-fixes CVE-2025-68244 bsc#1255190).
- Update
patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch
(git-fixes CVE-2025-40316 bsc#1254797).
- Update
patches.suse/drm-msm-dp-Drop-aux-devices-together-with-DP-co.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53851
bsc#1254695).
- Update
patches.suse/drm-mxsfb-Disable-overlay-plane-in-mxsfb_plane_overl.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53864
bsc#1254754).
- Update
patches.suse/drm-nouveau-kms-nv50-init-hpd_irq_lock-for-PIOR.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54263
bsc#1255883).
- Update
patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch
(git-fixes CVE-2025-40329 bsc#1254621).
- Update patches.suse/drm-tegra-Add-call-to-put_pid.patch
(git-fixes CVE-2025-68233 bsc#1255206).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-eviction-error.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54254
bsc#1255890).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-swapout-move-e.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53844
bsc#1254649).
- Update
patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch
(git-fixes CVE-2025-68757 bsc#1255943).
- Update
patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch
(git-fixes CVE-2025-40277 bsc#1254894).
- Update
patches.suse/erofs-kill-hooked-chains-to-avoid-loops-on-dedu.patch
(bsc#1012628 CVE-2023-53777 bsc#1254749).
- Update
patches.suse/exfat-use-kvmalloc_array-kvfree-instead-of-kma.patch
(bsc#1012628 CVE-2023-54194 bsc#1255974).
- Update
patches.suse/ext4-correct-grp-validation-in-ext4_mb_good_group.patch
(bsc#1234163 CVE-2023-53861 bsc#1254678).
- Update
patches.suse/ext4-fix-BUG-in-ext4_mb_new_inode_pa-due-to-overflow.patch
(bsc#1219165 CVE-2023-54069 bsc#1256371).
- Update
patches.suse/ext4-fix-rbtree-traversal-bug-in-ext4_mb_use_pr.patch
(bsc#1012628 CVE-2023-53813 bsc#1254717).
- Update
patches.suse/ext4-turn-quotas-off-if-mount-failed-after-enab.patch
(bsc#1012628 CVE-2023-54153 bsc#1256081).
- Update
patches.suse/f2fs-fix-to-do-sanity-check-on-direct-node-in-.patch
(bsc#1012628 CVE-2023-53846 bsc#1254983).
- Update
patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch
(stable-fixes CVE-2025-40323 bsc#1255094).
- Update
patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch
(stable-fixes CVE-2025-40304 bsc#1255034).
- Update
patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch
(stable-fixes CVE-2025-40322 bsc#1255092).
- Update
patches.suse/firmware-meson_sm-fix-to-avoid-potential-NULL-pointe.patch
(git-fixes CVE-2023-54304 bsc#1255786).
- Update
patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch
(git-fixes CVE-2025-68328 bsc#1255489).
- Update
patches.suse/fs-Protect-reconfiguration-of-sb-read-write-fr.patch
(bsc#1012628 CVE-2023-54099 bsc#1256197).
- Update
patches.suse/fs-jfs-prevent-double-free-in-dbUnmount-after-failed-jfs_remount.patch
(git-fixes CVE-2023-54127 bsc#1256119).
- Update
patches.suse/fs-ntfs3-Return-error-for-inconsistent-extende.patch
(bsc#1012628 CVE-2023-54125 bsc#1256117).
- Update
patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-b.patch
(bsc#1012628 CVE-2023-54264 bsc#1255872).
- Update
patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch
(git-fixes CVE-2025-68732 bsc#1255688).
- Update
patches.suse/gtp-Fix-use-after-free-in-__gtp_encap_destroy.patch
(bsc#1012628 CVE-2023-54142 bsc#1256095).
- Update
patches.suse/hfs-validate-record-offset-in-hfsplus_bmap_alloc.patch
(git-fixes CVE-2025-40349 bsc#1255280).
- Update
patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-__hfsplus_ext_cache_extent.patch
(git-fixes CVE-2025-40244 bsc#1255033).
- Update
patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-hfsplus_delete_cat.patch
(git-fixes CVE-2025-40351 bsc#1255281).
- Update
patches.suse/hwrng-virtio-Fix-race-on-data_avail-and-actual-.patch
(bsc#1012628 CVE-2023-53998 bsc#1255578).
- Update
patches.suse/iavf-use-internal-state-to-free-traffic-IRQs.patch
(bsc#1012628 CVE-2023-53850 bsc#1254677).
- Update
patches.suse/ice-prevent-NULL-pointer-deref-during-reload.patch
(bsc#1012628 CVE-2023-54037 bsc#1255557).
- Update
patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch
(jsc#PED-4866 CVE-2023-54070 bsc#1256364).
- Update
patches.suse/igc-Fix-Kernel-Panic-during-ndo_tx_timeout-call.patch
(bsc#1012628 CVE-2023-54166 bsc#1256074).
- Update
patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch
(stable-fixes CVE-2025-68330 bsc#1255493).
- Update
patches.suse/iio-adc-ina2xx-avoid-NULL-pointer-dereference-.patch
(bsc#1012628 CVE-2023-53834 bsc#1254660).
- Update
patches.suse/iio-core-Prevent-invalid-memory-access-when-th.patch
(bsc#1012628 CVE-2023-54027 bsc#1255579).
- Update
patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch
(git-fixes CVE-2025-68740 bsc#1255812).
- Update
patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch
(stable-fixes CVE-2025-68183 bsc#1255251).
- Update
patches.suse/io_uring-net-don-t-overflow-multishot-recv.patch
(bsc#1215211 CVE-2023-54030 bsc#1255691).
- Update
patches.suse/iomap-Fix-possible-overflow-condition-in-iomap_write_delalloc_scan.patch
(jsc#PED-5453 CVE-2023-54285 bsc#1255807).
- Update
patches.suse/iommufd-IOMMUFD_DESTROY-should-not-increase-the.patch
(bsc#1012628 CVE-2023-53795 bsc#1254737).
- Update
patches.suse/iommufd-Set-end-correctly-when-doing-batch-carr.patch
(bsc#1012628 CVE-2023-54060 bsc#1256379).
- Update
patches.suse/ionic-remove-WARN_ON-to-prevent-panic_on_warn.patch
(bsc#1012628 CVE-2023-53994 bsc#1255570).
- Update
patches.suse/ip6_vti-fix-slab-use-after-free-in-decode_sess.patch
(bsc#1012628 CVE-2023-53821 bsc#1254669).
- Update
patches.suse/ipmi-ssif-Fix-a-memory-leak-when-scanning-for-an-ada.patch
(git-fixes CVE-2023-54064 bsc#1256375).
- Update
patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch
(git-fixes CVE-2025-68766 bsc#1255932).
- Update
patches.suse/isdn-mISDN-hfcsusb-fix-memory-leak-in-hfcsusb_probe.patch
(git-fixes CVE-2025-68734 bsc#1255538).
- Update
patches.suse/jfs-Verify-inode-mode-when-loading-from-disk.patch
(git-fixes CVE-2025-40312 bsc#1255046).
- Update
patches.suse/jfs-fix-uninitialized-waitqueue-in-transaction-manager.patch
(git-fixes CVE-2025-68168 bsc#1255100).
- Update
patches.suse/kcm-Fix-error-handling-for-SOCK_DGRAM-in-kcm_sendmsg.patch
(bsc#1220419 CVE-2023-53825 bsc#1254707).
- Update
patches.suse/kcm-Fix-memory-leak-in-error-path-of-kcm_sendmsg.patch
(bsc#1220419 CVE-2023-54112 bsc#1256354).
- Update
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s.patch
(bsc#1012628 CVE-2023-54170 bsc#1256045).
- Update
patches.suse/maple_tree-fix-potential-out-of-bounds-access-i.patch
(bsc#1012628 CVE-2023-54135 bsc#1256107).
- Update
patches.suse/md-fix-warning-for-holder-mismatch-from-export_rdev.patch
(git-fixes CVE-2023-53791 bsc#1254742).
- Update
patches.suse/md-raid5-cache-fix-a-deadlock-in-r5l_exit_log-a705.patch
(jsc#PED-7542 CVE-2023-53848 bsc#1254753).
- Update
patches.suse/media-af9005-Fix-null-ptr-deref-in-af9005_i2c_xfer.patch
(git-fixes CVE-2023-54314 bsc#1255776).
- Update
patches.suse/media-anysee-fix-null-ptr-deref-in-anysee_master_xfe.patch
(git-fixes CVE-2023-54093 bsc#1256273).
- Update
patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch
(git-fixes CVE-2023-54266 bsc#1255875).
- Update
patches.suse/media-dvb-usb-v2-gl861-Fix-null-ptr-deref-in-gl861_i.patch
(git-fixes CVE-2023-54066 bsc#1256373).
- Update
patches.suse/media-imon-make-send_packet-more-robust.patch
(stable-fixes CVE-2025-68194 bsc#1255325).
- Update
patches.suse/media-mediatek-vcodec-fix-resource-leaks-in-vdec_msg.patch
(git-fixes CVE-2023-54143 bsc#1256096).
- Update
patches.suse/media-tuners-qt1010-replace-BUG_ON-with-a-regular-er.patch
(git-fixes CVE-2023-54282 bsc#1255810).
- Update
patches.suse/media-v4l2-core-Fix-a-potential-resource-leak-in-v4l.patch
(git-fixes CVE-2023-54183 bsc#1255990).
- Update
patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch
(git-fixes CVE-2025-68252 bsc#1255197).
- Update
patches.suse/misc-pci_endpoint_test-Free-IRQs-before-removin.patch
(bsc#1012628 CVE-2023-54326 bsc#1255758).
- Update
patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch
(git-fixes CVE-2025-40272 bsc#1254832).
- Update
patches.suse/mmc-sunplus-fix-return-value-check-of-mmc_add_.patch
(bsc#1012628 CVE-2023-54204 bsc#1255967).
- Update
patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch
(git-fixes CVE-2025-40223 bsc#1254957).
- Update
patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch
(git-fixes CVE-2025-68290 bsc#1255154).
- Update
patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch
(git-fixes CVE-2025-68249 bsc#1255233).
- Update
patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch
(git-fixes CVE-2025-68765 bsc#1255931).
- Update
patches.suse/mt76-mt7921-don-t-assume-adequate-headroom-for-SDIO-.patch
(git-fixes CVE-2023-53785 bsc#1254918).
- Update
patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch
(git-fixes CVE-2025-68238 bsc#1255202).
- Update
patches.suse/mtd-rawnand-fsl_upm-Fix-an-off-by-one-test-in-.patch
(bsc#1012628 CVE-2023-54104 bsc#1256145).
- Update
patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch
(git-fixes CVE-2025-68237 bsc#1255203).
- Update
patches.suse/net-core-remove-unnecessary-frame_sz-check-in-.patch
(bsc#1012628 CVE-2023-54155 bsc#1256083).
- Update
patches.suse/net-deal-with-integer-overflows-in-kmalloc_reserve.patch
(bsc#1215146 CVE-2023-42752 CVE-2023-53752 bsc#1254613).
- Update
patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_.patch
(bsc#1012628 CVE-2023-54051 bsc#1256394).
- Update
patches.suse/net-dsa-avoid-suspicious-RCU-usage-for-synced-V.patch
(bsc#1012628 CVE-2023-54149 bsc#1256085).
- Update
patches.suse/net-dsa-ocelot-call-dsa_tag_8021q_unregister-u.patch
(bsc#1012628 CVE-2023-53855 bsc#1254688).
- Update
patches.suse/net-ethernet-mtk_eth_soc-fix-possible-NULL-pointer-d.patch
(git-fixes CVE-2023-54240 bsc#1255918).
- Update
patches.suse/net-hns3-fix-deadlock-issue-when-externel_lb-a.patch
(bsc#1012628 CVE-2023-54000 bsc#1255564).
- Update
patches.suse/net-ipa-only-reset-hashed-tables-when-supported.patch
(bsc#1012628 CVE-2023-54225 bsc#1256234).
- Update
patches.suse/net-ipv4-fix-one-memleak-in-__inet_del_ifa.patch
(bsc#1220419 CVE-2023-53995 bsc#1255616).
- Update
patches.suse/net-mlx5-fix-potential-memory-leak-in-mlx5e_in.patch
(bsc#1012628 CVE-2023-54106 bsc#1256358).
- Update
patches.suse/net-mlx5e-Move-representor-neigh-cleanup-to-pr.patch
(bsc#1012628 CVE-2023-54148 bsc#1256084).
- Update
patches.suse/net-mlx5e-TC-Fix-internal-port-memory-leak.patch
(bsc#1012628 CVE-2023-53999 bsc#1255621).
- Update
patches.suse/net-mlx5e-fix-memory-leak-in-mlx5e_ptp_open.patch
(bsc#1012628 CVE-2023-54169 bsc#1256050).
- Update
patches.suse/net-mlx5e-xsk-Fix-invalid-buffer-access-for-le.patch
(bsc#1012628 CVE-2023-54223 bsc#1256233).
- Update
patches.suse/net-openvswitch-reject-negative-ifindex.patch
(bsc#1012628 CVE-2023-53843 bsc#1254705).
- Update
patches.suse/net-prevent-skb-corruption-on-frag-list-segment.patch
(bsc#1012628 CVE-2023-54094 bsc#1256292).
- Update
patches.suse/net-read-sk-sk_family-once-in-sk_mc_loop.patch
(bsc#1220419 CVE-2023-53831 bsc#1254701).
- Update
patches.suse/net-sched-taprio-Limit-TCA_TAPRIO_ATTR_SCHED_C.patch
(bsc#1012628 CVE-2023-54251 bsc#1255888).
- Update
patches.suse/net-smc-use-smc_lgr_list.lock-to-protect-smc_lgr_lis.patch
(git-fixes CVE-2023-54318 bsc#1255772).
- Update
patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch
(git-fixes CVE-2025-68192 bsc#1255246).
- Update
patches.suse/netfilter-nf_tables-fix-underflow-in-chain-refe.patch
(bsc#1012628 CVE-2023-54035 bsc#1255563).
- Update
patches.suse/netlink-do-not-hard-code-device-address-lenth-i.patch
(bsc#1012628 CVE-2023-53863 bsc#1254657).
- Update
patches.suse/nfp-clean-mc-addresses-in-application-firmware-.patch
(bsc#1012628 CVE-2023-54133 bsc#1256104).
- Update
patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch
(git-fixes CVE-2025-68185 bsc#1255135).
- Update
patches.suse/nfsd-move-init-of-percpu-reply_cache_stats-coun.patch
(bsc#1012628 CVE-2023-54276 bsc#1255907).
- Update
patches.suse/nilfs2-fix-WARNING-in-mark_buffer_dirty-due-to.patch
(bsc#1012628 CVE-2023-54140 bsc#1256093).
- Update
patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch
(git-fixes CVE-2025-68235 bsc#1255209).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_ctrl_secret.patch
(bsc#1012628 CVE-2023-53792 bsc#1254743).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_secret_stor.patch
(bsc#1012628 CVE-2023-53852 bsc#1254653).
- Update
patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch
(bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274).
- Update
patches.suse/nvme-multipath-fix-lockdep-WARN-due-to-partition-sca.patch
(git-fixes bsc#1233640 CVE-2024-53093 CVE-2025-68218
bsc#1255245).
- Update
patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch
(bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276).
- Update
patches.suse/of-overlay-Call-of_changeset_init-early.patch
(git-fixes CVE-2023-53856 bsc#1254661).
- Update
patches.suse/of-unittest-fix-null-pointer-dereferencing-in-of_uni.patch
(git-fixes CVE-2023-54178 bsc#1255992).
- Update
patches.suse/opp-Fix-use-after-free-in-lazy_opp_tables-after.patch
(bsc#1012628 CVE-2023-54026 bsc#1255549).
- Update
patches.suse/orangefs-fix-xattr-related-buffer-overflow.patch
(git-fixes CVE-2025-40306 bsc#1255062).
- Update
patches.suse/ovl-fix-null-pointer-dereference-in-ovl_get_acl.patch
(bsc#1012628 CVE-2023-54313 bsc#1255775).
- Update
patches.suse/pcmcia-rsrc_nonstatic-Fix-memory-leak-in-nonst.patch
(bsc#1012628 CVE-2023-54115 bsc#1256121).
- Update patches.suse/perf-tool-x86-Fix-perf_env-memory-leak.patch
(bsc#1012628 CVE-2023-53793 bsc#1254739).
- Update
patches.suse/phy-tegra-xusb-Clear-the-driver-reference-in-us.patch
(bsc#1012628 CVE-2023-54083 bsc#1256368).
- Update
patches.suse/pinctrl-at91-pio4-check-return-value-of-devm_ka.patch
(bsc#1012628 CVE-2023-54319 bsc#1255760).
- Update
patches.suse/pinctrl-freescale-Fix-a-memory-out-of-bounds-wh.patch
(bsc#1012628 CVE-2023-53750 bsc#1254611).
- Update
patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch
(git-fixes CVE-2025-68222 bsc#1255218).
- Update
patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch
(git-fixes CVE-2025-68303 bsc#1255122).
- Update
patches.suse/posix-timers-Prevent-RT-livelock-in-itimer_dele.patch
(bsc#1012628 CVE-2023-53815 bsc#1254715).
- Update patches.suse/powerpc-64s-Fix-VAS-mm-use-after-free.patch
(bsc#1012628 CVE-2023-54042 bsc#1255702).
- Update
patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch
(bsc#1065729 CVE-2023-54095 bsc#1256271).
- Update
patches.suse/powerpc-powernv-sriov-perform-null-check-on-iov.patch
(bsc#1012628 CVE-2023-54315 bsc#1255769).
- Update
patches.suse/powerpc-pseries-Rework-lppaca_shared_proc-to-avoid-D.patch
(bsc#1194869 CVE-2023-54267 bsc#1255899).
- Update
patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch
(bsc#1194869 CVE-2023-54017 bsc#1255605).
- Update patches.suse/pstore-ram-Add-check-for-kstrdup.patch
(bsc#1012628 CVE-2023-54189 bsc#1255978).
- Update patches.suse/quota-fix-warning-in-dqgrab.patch
(bsc#1012628 CVE-2023-54177 bsc#1255993).
- Update patches.suse/rcu-dump-vmalloc-memory-info-safely.patch
(git-fixes CVE-2023-54113 bsc#1256351).
- Update
patches.suse/rcuscale-Move-rcu_scale_writer-schedule_timeout_unin.patch
(git-fixes CVE-2023-54246 bsc#1255915).
- Update
patches.suse/refscale-Fix-uninitalized-use-of-wait_queue_head_t.patch
(git-fixes CVE-2023-54316 bsc#1255770).
- Update
patches.suse/regmap-irq-Fix-out-of-bounds-access-when-alloca.patch
(bsc#1012628 CVE-2023-53768 bsc#1254599).
- Update
patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch
(git-fixes CVE-2025-40317 bsc#1254796).
- Update
patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch
(git-fixes CVE-2025-68354 bsc#1255553).
- Update
patches.suse/regulator-da9063-fix-null-pointer-deref-with-pa.patch
(bsc#1012628 CVE-2023-53787 bsc#1254750).
- Update patches.suse/rpmsg-glink-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-54049 bsc#1256396).
- Update
patches.suse/s390-dcssblk-fix-kernel-crash-with-list_add-corruption.patch
(git-fixes bsc#1215344 CVE-2023-54117 bsc#1256348).
- Update
patches.suse/s390-vmem-split-pages-when-debug-pagealloc-is-.patch
(bsc#1012628 CVE-2023-54278 bsc#1255911).
- Update
patches.suse/samples-bpf-Fix-buffer-overflow-in-tcp_basertt.patch
(bsc#1012628 CVE-2023-54312 bsc#1255774).
- Update
patches.suse/sched-psi-use-kernfs-polling-functions-for-PSI-.patch
(bsc#1012628 CVE-2023-54019 bsc#1255636).
- Update
patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handlin.patch
(bsc#1012628 CVE-2023-54289 bsc#1255806).
- Update
patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch
(bsc#1012628 CVE-2023-54179 bsc#1255994).
- Update
patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_b.patch
(bsc#1012628 CVE-2023-54014 bsc#1256300).
- Update
patches.suse/scsi-target-core-Fix-target_cmd_counter-leak.patch
(bsc#1214847 CVE-2023-54154 bsc#1256082).
- Update
patches.suse/serial-8250-Fix-oops-for-port-pm-on-uart_chang.patch
(bsc#1012628 CVE-2023-54220 bsc#1255949).
- Update patches.suse/serial-sprd-Fix-DMA-buffer-leak-issue.patch
(git-fixes CVE-2023-54136 bsc#1256099).
- Update
patches.suse/sfc-fix-crash-when-reading-stats-while-NIC-is-r.patch
(bsc#1012628 CVE-2023-54156 bsc#1255704).
- Update
patches.suse/sh-dma-Fix-DMA-channel-offset-calculation.patch
(bsc#1012628 CVE-2023-54255 bsc#1255884).
- Update patches.suse/smb-client-fix-missed-ses-refcounting.patch
(bsc#1012628 CVE-2023-54076 bsc#1256335).
- Update
patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch
(bsc#1248886 CVE-2025-40320 bsc#1254793).
- Update patches.suse/soundwire-fix-enumeration-completion.patch
(bsc#1012628 CVE-2023-54096 bsc#1256178).
- Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch
(bsc#1253155 CVE-2025-68746 bsc#1255722).
- Update
patches.suse/staging-r8712-Fix-memory-leak-in-_r8712_init_xm.patch
(bsc#1012628 CVE-2023-54001 bsc#1255628).
- Update
patches.suse/thermal-of-fix-double-free-on-unregistration.patch
(bsc#1012628 CVE-2023-53997 bsc#1255632).
- Update
patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-.patch
(bsc#1012628 CVE-2023-54309 bsc#1255780).
- Update
patches.suse/tracing-Fix-memory-leak-of-iter-temp-when-readi.patch
(bsc#1012628 CVE-2023-54171 bsc#1256034).
- Update
patches.suse/tracing-Fix-warning-in-trace_buffered_event_dis.patch
(bsc#1012628 CVE-2023-54211 bsc#1255843).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c.patch
(bsc#1012628 CVE-2023-53858 bsc#1254704).
- Update
patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch
(stable-fixes CVE-2025-40314 bsc#1255072).
- Update
patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch
(git-fixes CVE-2025-68287 bsc#1255152).
- Update
patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch
(git-fixes CVE-2025-68289 bsc#1255155).
- Update
patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch
(stable-fixes CVE-2025-40315 bsc#1255083).
- Update
patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch
(stable-fixes CVE-2025-68750 bsc#1255814).
- Update
patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_.patch
(bsc#1012628 CVE-2023-53847 bsc#1254698).
- Update
patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch
(stable-fixes CVE-2025-40345 bsc#1255279).
- Update
patches.suse/usb-typec-bus-verify-partner-exists-in-typec_altmode.patch
(git-fixes CVE-2023-54299 bsc#1255789).
- Update
patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch
(git-fixes CVE-2025-68331 bsc#1255495).
- Update patches.suse/usbnet-Prevents-free-active-kevent.patch
(git-fixes CVE-2025-68312 bsc#1255171).
- Update
patches.suse/vdpa-Add-queue-index-attr-to-vdpa_nl_policy-fo.patch
(bsc#1012628 CVE-2023-54031 bsc#1255583).
- Update patches.suse/vduse-fix-NULL-pointer-dereference.patch
(bsc#1012628 CVE-2023-54291 bsc#1255798).
- Update
patches.suse/vfio-type1-fix-cap_migration-information-leak
(jsc#PED-7779 jsc#PED-7780 CVE-2023-54137 bsc#1256100).
- Update
patches.suse/virtio-vdpa-Fix-cpumask-memory-leak-in-virtio_.patch
(bsc#1012628 CVE-2023-54215 bsc#1255957).
- Update
patches.suse/virtio_pmem-add-the-missing-REQ_OP_WRITE-for-flush-b.patch
(git-fixes CVE-2023-54089 bsc#1256268).
- Update
patches.suse/virtio_vdpa-build-affinity-masks-conditionally.patch
(git-fixes CVE-2023-54008 bsc#1255630).
- Update
patches.suse/wifi-ath11k-Add-missing-hw_ops-get_ring_selecto.patch
(bsc#1012628 CVE-2023-54141 bsc#1256094).
- Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch
(git-fixes CVE-2025-68380 bsc#1255580).
- Update
patches.suse/wifi-ath11k-fix-registration-of-6Ghz-only-phy-w.patch
(bsc#1012628 CVE-2023-54229 bsc#1255924).
- Update
patches.suse/wifi-ath12k-Fix-memory-leak-in-rx_desc-and-tx_desc.patch
(git-fixes CVE-2023-54016 bsc#1256279).
- Update
patches.suse/wifi-ath9k-avoid-referencing-uninit-memory-in-a.patch
(bsc#1012628 CVE-2023-54300 bsc#1255790).
- Update
patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch
(git-fixes CVE-2025-40321 bsc#1254795).
- Update
patches.suse/wifi-cfg80211-ocb-don-t-leave-if-not-joined.patch
(git-fixes CVE-2023-53992 bsc#1256058).
- Update
patches.suse/wifi-mt76-mt7921-fix-skb-leak-by-txs-missing-i.patch
(bsc#1012628 CVE-2023-54052 bsc#1256387).
- Update
patches.suse/wifi-mwifiex-fix-memory-leak-in-mwifiex_histogram_re.patch
(git-fixes CVE-2023-53808 bsc#1254723).
- Update
patches.suse/wifi-rsi-Do-not-configure-WoWlan-in-shutdown-ho.patch
(bsc#1012628 CVE-2023-54025 bsc#1255558).
- Update
patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch
(git-fixes CVE-2025-68759 bsc#1255934).
- Update
patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch
(git-fixes CVE-2025-68362 bsc#1255611).
- Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch
(git-fixes CVE-2025-68313 bsc#1255415).
- Update
patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_microco.patch
(git-fixes CVE-2025-68195 bsc#1255259).
- Update
patches.suse/x86-hyperv-Disable-IBT-when-hypercall-page-lac.patch
(bsc#1012628 CVE-2023-54172 bsc#1256033).
- Update
patches.suse/x86-sev-Make-enc_dec_hypercall-accept-a-size-instead-of-npages
(bsc#1214635 CVE-2023-53996 bsc#1255618).
- Update patches.suse/xen-speed-up-grant-table-reclaim.patch
(bsc#1012628 CVE-2023-54081 bsc#1256361).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- commit c2db288
- Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch
(CVE-2025-40287 bsc#1255030 CVE-2025-68351 bsc#1255567).
- Update
patches.suse/net-enetc-fix-the-deadlock-of-enetc_mdio_lock.patch
(CVE-2025-40337 bsc#1255081 CVE-2025-40347 bsc#1255262).
- commit 8022326
- docs: ABI: sysfs-devices-soc: Fix swapped sample values
(git-fixes).
- commit 208252e
- gpio: rockchip: mark the GPIO controller as sleeping
(git-fixes).
- drm/pl111: Fix error handling in pl111_amba_probe (git-fixes).
- crypto: qat - fix duplicate restarting msg during AER error
(git-fixes).
- commit db7c5b1
- cifs: client: fix memory leak in smb3_fs_context_parse_param
(bsc#1255082, CVE-2025-40268).
- commit 1547549
- ext4: wait for ongoing I/O to complete before freeing blocks
(bsc#1256366).
- commit 73f54be
- selftests/bpf: Add test to verify freeing the special fields
in pcpu maps (CVE-2025-68744 bsc#1255709).
- commit 7a07150
- bpf: Free special fields when update [lru_,]percpu_hash maps
(CVE-2025-68744 bsc#1255709).
- commit 5246440
- pmdomain: arm: scmi: Fix genpd leak on provider registration
failure (CVE-2025-68204 bsc#1255224).
- commit 51ed7f6
- drm/amd/display: Fix scratch registers offsets for DCN351
(stable-fixes).
- drm/amd/display: Fix scratch registers offsets for DCN35
(stable-fixes).
- Revert "drm/amd/display: Fix pbn to kbps Conversion"
(stable-fixes).
- drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes).
- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace
(stable-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
(stable-fixes).
- drm/amdkfd: Trap handler support for expert scheduling mode
(stable-fixes).
- clk: samsung: exynos-clkout: Assign .num before accessing .hws
(git-fixes).
- fbdev: gbefb: fix to use physical address instead of dma address
(stable-fixes).
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/displayid: add quirk to ignore DisplayID checksum errors
(stable-fixes).
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct
drm_edid_ident (stable-fixes).
- drm/displayid: pass iter to drm_find_displayid_extension()
(stable-fixes).
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING
after CLC load (stable-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840
tablet (stable-fixes).
- wifi: cfg80211: stop radar detection in cfg80211_leave()
(stable-fixes).
- wifi: cfg80211: use cfg80211_leave() in iftype change
(stable-fixes).
- cpufreq: nforce2: fix reference count leak in nforce2
(git-fixes).
- drm/panthor: Flush shmem writes before mapping buffers
CPU-uncached (git-fixes).
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume
(stable-fixes).
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier
before suspend (stable-fixes).
- commit 0bebe20
- wifi: mac80211: restore non-chanctx injection behaviour
(git-fixes).
- pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
(git-fixes).
- wifi: avoid kernel-infoleak from struct iw_point (git-fixes).
- atm: Fix dma_free_coherent() size (git-fixes).
- net: usb: pegasus: fix memory leak in update_eth_regs_async()
(git-fixes).
- net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
(git-fixes).
- HID: quirks: work around VID/PID conflict for appledisplay
(git-fixes).
- ASoC: sun4i-spdif: Add missing kerneldoc fields for
sun4i_spdif_quirks (git-fixes).
- ALSA: ac97: fix a double free in snd_ac97_controller_register()
(git-fixes).
- commit 31818ae
- binfmt_misc: restore write access before closing files opened
by open_exec() (bsc#1255272 CVE-2025-68239).
- commit 40d7043
- fs/proc: fix uaf in proc_readdir_de() (bsc#1255297
CVE-2025-40271).
- commit e033d9a
- ext4: refresh inline data size before write operations
(bsc#1255380 CVE-2025-68264).
- commit eb0de51
- ext4: guard against EA inode refcount underflow in xattr update
(bsc#1253623 CVE-2025-40190).
- commit 7ad9fff
- net/smc: fix general protection fault in __smc_diag_dump
(CVE-2025-40357 bsc#1255097).
- commit c2a771e
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is
replaced (CVE-2025-68259 bsc#1255199).
- commit bca135e
- arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318)
- commit 24256b7
- net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121)
- commit c49170e
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak (CVE-2025-40278 bsc#1254825).
- commit 34ab5ba
- bpf: Fix stackmap overflow check in __bpf_get_stackid()
(CVE-2025-68378 bsc#1255614).
- commit f957faa
- bpf: Refactor stack map trace depth calculation into helper
function (CVE-2025-68378 bsc#1255614).
- commit 89dceec
- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
(bsc#1255463).
- Refresh
patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch.
- commit f3639f0
- iommufd: Don't overflow during division for dirty tracking
(CVE-2025-40293 bsc#1255179).
- commit 8fb40bc
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
(CVE-2025-40251 bsc#1254856).
- commit 07d80e9
- mptcp: fix race condition in mptcp_schedule_work()
(CVE-2025-40258 bsc#1254843).
- commit 664f157
- team: Move team device type change at the end of team_port_add
(CVE-2025-68340 bsc#1255507).
- net/mlx5: Clean up only new IRQ glue on request_irq() failure
(CVE-2025-40250 bsc#1254854).
- net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849).
- net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40337
bsc#1255081).
- net: stmmac: Correctly handle Rx checksum offload errors
(CVE-2025-40337 bsc#1255081).
- commit 3ae940f
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq
IE parsing (CVE-2025-68255 bsc#1255395).
- commit d962eb4
- ASoC: Intel: avs: Do not share the name pointer between
components (CVE-2025-40338 bsc#1255273).
- commit 968173c
- drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
(CVE-2025-40289 bsc#1255042).
- commit ff414f2
- net: sched: act_connmark: initialize struct tc_ife to fix
kernel leak (CVE-2025-40279 bsc#1254846).
- commit 9f73fa4
- serial: core: Fix serial device initialization (git-fixes).
- commit 024b264
- drm/imagination: Disallow exporting of PM/FW protected objects
(git-fixes).
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in
ACPI package parsing (git-fixes).
- serial: core: Restore sysfs fwnode information (git-fixes).
- ASoC: ak4458: remove the reset operation in probe and remove
(git-fixes).
- drm/xe: Use usleep_range for accurate long-running workload
timeslicing (git-fixes).
- drm/xe: Drop preempt-fences when destroying imported dma-bufs
(git-fixes).
- drm/xe/oa: Disallow 0 OA property values (git-fixes).
- drm/xe: Adjust long-running workload timeslices to reasonable
values (git-fixes).
- drm/xe/oa: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Restore engine registers before restarting schedulers
after GT reset (git-fixes).
- drm/xe/bo: Don't include the CCS metadata in the dma-buf
sg-table (git-fixes).
- drm/me/gsc: mei interrupt top half should be in irq disabled
context (git-fixes).
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes).
- wifi: ath10k: move recovery check logic into a new work
(git-fixes).
- r8169: set EEE speed down ratio to 1 (stable-fixes).
- wifi: ath10k: Add missing include of export.h (stable-fixes).
- wifi: ath10k: Avoid vdev delete timeout when firmware is
already down (stable-fixes).
- commit bbba4ae
- usb: phy: isp1301: fix non-OF device reference imbalance
(git-fixes).
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path
(git-fixes).
- commit 4724dd4
- platform/x86: ibm_rtl: fix EBDA signature search pointer
arithmetic (git-fixes).
- platform/x86: msi-laptop: add missing sysfs_remove_group()
(git-fixes).
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from
event names (git-fixes).
- wifi: mac80211: do not use old MBSSID elements (git-fixes).
- wifi: cfg80211: sme: store capped length in
__cfg80211_connect_result() (git-fixes).
- wifi: rtlwifi: 8192cu: fix tid out of range in
rtl92cu_tx_fill_desc() (git-fixes).
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS
(git-fixes).
- smc91x: fix broken irq-context in PREEMPT_RT (git-fixes).
- usb: dwc3: of-simple: fix clock resource leak in
dwc3_of_simple_probe (git-fixes).
- USB: lpc32xx_udc: Fix error handling in probe (git-fixes).
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
(git-fixes).
- usb: dwc3: keep susphy enabled during exit to avoid controller
faults (git-fixes).
- spi: fsl-cpm: Check length parity before switching to 16 bit
mode (git-fixes).
- PM: runtime: Do not clear needs_force_resume with enabled
runtime PM (git-fixes).
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
(git-fixes).
- commit 29120de
- sctp: avoid NULL dereference when chunk data buffer is missing
(CVE-2025-40240 bsc#1254869).
- commit 7732dc5
- net: rose: fix invalid array index in rose_kill_by_device()
(git-fixes).
- net: usb: sr9700: fix incorrect command used to write single
register (git-fixes).
- net: nfc: fix deadlock between nfc_unregister_device and
rfkill_fop_write (git-fixes).
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
(git-fixes).
- net: mdio: aspeed: add dummy read to avoid read-after-write
issue (git-fixes).
- Input: ti_am335x_tsc - fix off-by-one error in wire_order
validation (git-fixes).
- Input: atkbd - skip deactivate for HONOR FMB-P's internal
keyboard (git-fixes).
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to
Kconfig (git-fixes).
- commit 0ed2427
- drm/i915/gem: Zero-initialize the eb.vma array in
i915_gem_do_execbuffer (git-fixes).
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state()
in prepare_fb (git-fixes).
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
(git-fixes).
- idr: fix idr_alloc() returning an ID out of range (git-fixes).
- genalloc.h: fix htmldocs warning (git-fixes).
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
(git-fixes).
- firewire: nosy: Fix dma_free_coherent() size (git-fixes).
- drm/msm/dpu: Add missing NULL pointer check for pingpong
interface (git-fixes).
- ALSA: usb-mixer: us16x08: validate meter packet indices
(git-fixes).
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
(git-fixes).
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
(git-fixes).
- hwmon: (tmp401) fix overflow caused by default conversion rate
value (git-fixes).
- hwmon: (ibmpex) fix use-after-free in high/low store
(git-fixes).
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first
(git-fixes).
- ACPI: PCC: Fix race condition by removing static qualifier
(git-fixes).
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf
(git-fixes).
- can: j1939: make j1939_sk_bind() fail if device is no longer
registered (git-fixes).
- can: gs_usb: gs_can_open(): fix error handling (git-fixes).
- broadcom: b44: prevent uninitialized value usage (git-fixes).
- commit bf82bcb
- exfat: validate cluster allocation bits of the allocation bitmap
(CVE-2025-40307 bsc#1255039).
- commit 61971f7
- exfat: using hweight instead of internal logic (git-fixes).
- commit 18b7ccc
- powerpc/kexec: Enable SMT before waking offline CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496).
- commit 8505ec5
- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()
(git-fixes).
- commit 784298a
- Branch maintainers was auto-merged from SLE15-SP6-LTSS.
Restore to SP7 maintainers per ML discussion at:
https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00127.html
https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00134.html
- commit ca6d40d
- tracing: Fix race condition in kprobe initialization causing
NULL pointer dereference (CVE-2025-40042 bsc#1252861).
- commit 8186e85
- README.BRANCH: SLE15-SP6 became LTSS, update maintainers
- commit f86184e
- cpuidle: menu: Use residency threshold in polling state override
decisions (bsc#1255026).
- commit f6f2d0f
- fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025).
- commit c5ce147
- selftests/bpf: Add test case for different expected_attach_type
(CVE-2025-40123 bsc#1253365).
- commit a20378c
- kABI workaround for bpf: Enforce expected_attach_type for
tailcall compatibility (CVE-2025-40123 bsc#1253365).
- commit b3b5837
- bpf: Enforce expected_attach_type for tailcall compatibility
(CVE-2025-40123 bsc#1253365).
Refresh patches.kabi/bpf-struct-bpf_map-workaround.patch.
- commit 4229239
- exfat: fix refcount leak in exfat_find (CVE-2025-40287
bsc#1255030).
- commit 8d74fe6
- exfat: fix improper check of dentry.stream.valid_size
(CVE-2025-40287 bsc#1255030).
- commit 6d6e321
- exfat: add a check for invalid data size (git-fixes).
- commit 2af7089
- selftests/bpf: Test widen_imprecise_scalars() with different
stack depth (CVE-2025-68208 bsc#1255227).
- commit 7bc82c5
- bpf: account for current allocated stack depth in
widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227).
- commit 59eb6d6
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit c371711
- selftests/bpf: Skip timer cases when bpf_timer is not supported
(git-fixes).
- commit c865cf8
- bpf: Reject bpf_timer for PREEMPT_RT (git-fixes).
- commit 4c49578
- bpf: Sync pending IRQ work before freeing ring buffer
(CVE-2025-40319 bsc#1254794).
- commit d39f398
- netfilter: nft_ct: add seqadj extension for natted connections
(CVE-2025-68206 bsc#1255142).
- commit 85cf637
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit a261090
- net: bridge: fix use-after-free due to MST port state bypass
(CVE-2025-40297 bsc#1255187).
- commit 551613c
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit 2e6aaae
- net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170
bsc#1253413).
- commit 23ba11d
- ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402).
- ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342).
- commit e13927d
- tipc: Fix use-after-free in tipc_mon_reinit_self()
(CVE-2025-40280 bsc#1254847).
- commit 293c735
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated
(bsc#1255434).
- bpf: Do not limit bpf_cgroup_from_id to current's namespace
(bsc#1255433).
- commit 7622dcb
- virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292).
- commit 640f7af
- vsock: Ignore signal/timeout on connect() if already established
(CVE-2025-40248, bsc#1254864).
- commit 76e0cd6
- vsock: fix lock inversion in vsock_assign_transport()
(CVE-2025-40231, bsc#1254815).
- commit f20ceef
- xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160,
bsc#1253400).
- commit a401c8b
- xen/events: Cleanup find_virq() return codes (CVE-2025-40160,
bsc#1253400).
- commit 3a48f4b
- selftests: net: use slowwait to make sure IPv6 setup finished
(bsc#1255349).
- commit cdeb065
- selftests/net: convert test_vxlan_vnifiltering.sh to run it
in unique namespace (bsc#1255349).
- commit f6295a1
- selftests: net: use slowwait to stabilize vrf_route_leaking test
(bsc#1255349).
- commit 797f508
- selftests/net: convert vrf_route_leaking.sh to run it in unique
namespace (bsc#1255349).
- Refresh
patches.suse/selftests-net-add-helper-for-checking-if-nettest-is-availa.patch.
- commit c9d3564
- selftests: vrf_route_leaking: remove ipv6_ping_frag from
default testing (bsc#1255349).
- commit d1d9fe4
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit ae22a6c
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit 13f0f1f
- selftests: net: fib-onlink-tests: Set high metric for default
IPv6 route (bsc#1255346).
- commit 3e93e72
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 63a872c
- KVM: guest_memfd: Remove bindings on memslot deletion when
gmem is dying (CVE-2025-40274, bsc#1254830).
- commit 539aace
- selftests: net: Remove executable bits from library scripts
(bsc#1254235).
- commit 0623efd
- selftests: net: included needed helper in the install targets
(bsc#1254235).
- Refresh
patches.suse/selftests-net-List-helper-scripts-in-TEST_FILES-Makefile-v.patch.
- Refresh patches.suse/selftests-net-include-forwarding-lib.patch.
- commit 7e2ef77
- tick/sched: Limit non-timekeeper CPUs calling jiffies update
(bsc#1254477).
- commit f152ff3
- selftests: net: veth: test the ability to independently
manipulate GRO and XDP (bsc#1255101).
- commit 0c521f2
- selftests: net: more strict check in net_helper (bsc#1254235).
- selftests: net: explicitly wait for listener ready
(bsc#1254235).
Refresh
patches.suse/selftests-net-cut-more-slack-for-gro-fwd-tests.patch.
- selftests/net: synchronize udpgro tests' tx and rx connection
(bsc#1254235).
- commit ea56d4f
- selftests/net: calibrate txtimestamp (bsc#1255085).
- commit 4e81333
- netdevsim: print human readable IP address (bsc#1255071).
- commit db8e48c
- selftests: dsa: Replace test symlinks by wrapper script
(bsc#1254235).
- selftests: team: Add shared library scripts to TEST_INCLUDES
(bsc#1254235).
- selftests: bonding: Add net/forwarding/lib.sh to TEST_INCLUDES
(bsc#1254235).
- selftests: Introduce Makefile variable to list shared bash
scripts (bsc#1254235).
- commit 5bb066d
- selftests/net: convert fib_tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_rule_tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib-onlink-tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthops.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_nongw.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_multiprefix to run it in
unique namespace (bsc#1254235).
- selftests/net: convert fcnal-test.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt6_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt4_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt46_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- commit 3c3968b
- Move upstreamed ath12k patch into sorted section
- commit fa80682
- Move upstreamed SCSI patches into sorted section
- commit 8ea340d
- futex: Prevent use-after-free during requeue-PI (CVE-2025-39977
bsc#1252046).
- commit 3062182
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
(git-fixes).
- commit 808d009
- bnxt_en: Shutdown FW DMA in bnxt_shutdown() (CVE-2025-40330
bsc#1254616).
- commit 3e35ca9
- usb: typec: ucsi: psy: Set max current to zero when disconnected
(git-fixes).
- commit de6f0cd
- USB: serial: option: add Telit FN920C04 ECM compositions
(stable-fixes).
- USB: serial: option: add Quectel RG255C (stable-fixes).
- USB: serial: option: add UNISOC UIS7720 (stable-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: chipidea: udc: limit usb request length to max 16KB
(stable-fixes).
- commit 15d4d36
- usb: raw-gadget: do not limit transfer length (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices
(git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: udc: Add trace event for usb_gadget_set_state
(stable-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind
(git-fixes).
- commit c4f787c
- Correct USB typec tcpm patches
In upstream backports, changes were applied to wrong places (sink
instead of source). In the stable upstream, it was corrected in a
commit d967f6ae3149, but we fold the corrections in each patch,
instead.
Refreshed:
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
patches.suse/usb-typec-tcpm-unregister-existing-source-caps-befor.patch
- commit 55aaa8f
- x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes).
- commit 4dc2ee9
- drm/tilcdc: Fix removal actions in case of failed probe
(git-fixes).
- drm/nouveau: refactor deprecated strcpy (git-fixes).
- drm/plane: Fix IS_ERR() vs NULL check in
drm_plane_create_hotspot_properties() (git-fixes).
- drm/i915: Fix format string truncation warning (git-fixes).
- drm/amdkfd: Use huge page size to check split svm range
alignment (git-fixes).
- commit 9d1b9c7
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
(git-fixes).
- drm/mgag200: Fix big-endian support (git-fixes).
- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).
- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).
- rtc: gamecube: Check the return value of ioremap() (git-fixes).
- commit 4a0695a
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure() (git-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- drm/amdkfd: Fix GPU mappings for APU after prefetch
(stable-fixes).
- commit e28addd
- ASoC: codecs: wcd938x: fix OF node leaks on probe failure
(git-fixes).
- ASoC: ak5558: Disable regulator when error happens (git-fixes).
- ASoC: ak4458: Disable regulator when error happens (git-fixes).
- ALSA: firewire-motu: add bounds check in put_user loop for
DSP events (git-fixes).
- ALSA: uapi: Fix typo in asound.h comment (git-fixes).
- ALSA: firewire-motu: fix buffer overflow in hwdep read for
DSP events (git-fixes).
- ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_hda_read_acpi() (git-fixes).
- commit 203c44f
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
(bsc#1253458 CVE-2025-40167).
- commit 18e6218
- ext4: align max orphan file size with e2fsprogs limit
(bsc#1253442 CVE-2025-40179).
- commit 7ae82ce
- ext4: free orphan info with kvfree (bsc#1253442 CVE-2025-40179).
- commit a10c019
- ext4: verify orphan file size is not too big (bsc#1253442
CVE-2025-40179).
- commit 6c1724d
- Revert "ipmi: fix msg stack when IPMI is disconnected" (bsc#1253622 CVE-2025-40192)
- commit 33bdbac
- kABI workaround for mgmt_cp_set_mesh struct change (git-fixes).
- commit 7de6f1d
- Bluetooth: MGMT: fix crash in set_mesh_sync and
set_mesh_complete (git-fixes).
- Refresh patches.kabi/hci_dev-centralize-extra-lock.patch.
- commit 9117a6d
- kABI workaround for hci_conn remote_id removal (git-fixes).
- commit 1f82cb9
- Bluetooth: btusb: mediatek: Fix kernel crash when releasing
mtk iso interface (git-fixes).
- Refresh
patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch.
- commit 868a054
- kABI workaround for HCI_LE_ADV_0 addition (git-fixes).
- commit 90a4a45
- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
(git-fixes).
- commit 02e48bb
- cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL
writes (git-fixes).
- commit 8914d15
- Refresh
patches.kabi/devlink_hide_adding_u64_to_devlink_param_types.patch.
- Refresh
patches.suse/devlink-Add-support-for-u64-parameters.patch.
- Delete
patches.suse/devlink-avoid-param-type-value-translations.patch.
Fix kABI breakage, caused by adding U64 type to DEVLINK_PARAM_TYPE (bsc#1254363)
- commit d4ef490
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID
(git-fixes).
- commit b8d0ed6
- i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes).
- i2c: i2c.h: fix a bad kernel-doc line (git-fixes).
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd
led (git-fixes).
- commit 9bd979e
- smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256,
CVE-2025-38728).
- commit 8caf30e
- selftests: net: include forwarding lib (bsc#1254235).
- commit 8ae2773
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
- commit d031559
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
- commit 82f1192
- spi: tegra210-quad: Fix timeout handling (bsc#1253155)
- commit bd1de03
- spi: tegra210-qspi: Remove cache operations (git-fixes)
- commit a5fab01
- spi: tegra210-quad: Add support for internal DMA (git-fixes)
- commit 8c1e0cc
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
- commit 8db7584
- Delete patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch.
It will reinserted as part of bsc#1253155 update request.
- commit aed40ae
- smb: Log an error when close_all_cached_dirs fails (bsc#1246328,
CVE-2025-38321).
- commit a8a838a
- Refresh
patches.suse/selftests-net-List-helper-scripts-in-TEST_FILES-Makefile-v.patch.
- commit a49bd74
- arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes)
- commit 056601e
- arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes)
- commit 10b4884
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
(CVE-2025-39890 bsc#1250334).
- commit 51d9ba6
- dm-verity: fix unreliable memory allocation (git-fixes).
- commit 811cec6
- ipmi: Fix handling of messages with provided receive message
pointer (git-fixes).
- commit 2e987f2
- ipmi: Rework user message limit handling (git-fixes).
- commit 4cbb961
- mm/hugetlb: fix folio is still mapped when deleted
(CVE-2025-40006 bsc#1252342).
- commit e2e7e3b
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
(git-fixes).
- pinctrl: stm32: fix hwspinlock resource leak in probe function
(git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in
rcar_gen3_phy_usb2_probe() (git-fixes).
- phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes).
- commit 2f1faf6
- mm: hugetlb: avoid soft lockup when mprotect to large memory
area (CVE-2025-40153 bsc#1253408).
- commit 03b4aee
- perf list: Add IBM z17 event descriptions (jsc#PED-13611).
- commit fda20aa
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload
(bac#1236022 ltc#211187).
- commit 1a4723e
- i3c: fix refcount inconsistency in i3c_master_register
(git-fixes).
- commit 00edbac
- i3c: master: svc: Prevent incomplete IBI transaction
(git-fixes).
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes).
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as
a parent to other (git-fixes).
- clk: renesas: r9a06g032: Fix memory leak in error path
(git-fixes).
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle
callback (git-fixes).
- commit 4cf8a99
- mei: gsc: add dependency on Xe driver (git-fixes).
- drm/amd/display: Don't change brightness for disabled connectors
(stable-fixes).
- drm/amd/amdgpu: reserve vm invalidation engine for uni_mes
(stable-fixes).
- usb: udc: Add trace event for usb_gadget_set_state
(stable-fixes).
- drm/i915/dp: Initialize the source OUI write timestamp always
(stable-fixes).
- commit fbf57fa
- staging: fbtft: core: fix potential memory leak in
fbtft_probe_common() (git-fixes).
- usb: gadget: tegra-xudc: Always reinitialize data toggle when
clear halt (git-fixes).
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes).
- usb: phy: Initialize struct usb_phy list_head (git-fixes).
- usb: dwc2: fix hang during suspend if set as peripheral
(git-fixes).
- usb: chaoskey: fix locking for O_NONBLOCK (git-fixes).
- USB: Fix descriptor count when handling invalid MBIM extended
descriptor (git-fixes).
- intel_th: Fix error handling in intel_th_output_open
(git-fixes).
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
(git-fixes).
- comedi: multiq3: sanitize config options in multiq3_attach()
(git-fixes).
- comedi: check device's attached status in compat ioctls
(git-fixes).
- comedi: c6xdigio: Fix invalid PNP driver unregistration
(git-fixes).
- firmware: stratix10-svc: fix make htmldocs warning for
stratix10_svc (git-fixes).
- iio: core: Clean up device correctly on iio_device_alloc()
failure (git-fixes).
- iio: core: add missing mutex_destroy in iio_dev_release()
(git-fixes).
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
(git-fixes).
- firmware: stratix10-svc: Add mutex in stratix10 memory
management (git-fixes).
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to
uio_fsl_elbc_gpcm_probe (git-fixes).
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
(git-fixes).
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing
(git-fixes).
- fbdev: tcx.c fix mem_map to correct smem_start offset
(git-fixes).
- watchdog: wdat_wdt: Fix ACPI table leak in probe function
(git-fixes).
- rpmsg: glink: fix rpmsg device leak (git-fixes).
- iio: accel: bmc150: Fix irq assumption regression
(stable-fixes).
- usb: storage: sddr55: Reject out-of-bound new_pba
(stable-fixes).
- USB: serial: option: add support for Rolling RW101R-GL
(stable-fixes).
- USB: serial: ftdi_sio: add support for u-blox EVK-M101
(stable-fixes).
- usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -S
(stable-fixes).
- thunderbolt: Add support for Intel Wildcat Lake (stable-fixes).
- drm/amd/display: Check NULL before accessing (stable-fixes).
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
(stable-fixes).
- commit a6f8c1f
- soc: amlogic: canvas: fix device leak on lookup (git-fixes).
- soc: qcom: smem: fix hwspinlock resource leak in probe error
paths (git-fixes).
- soc: qcom: ocmem: fix device leak on lookup (git-fixes).
- firmware: imx: scu-irq: fix OF node leak in (git-fixes).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- commit 67bcab6
- perf/x86/intel: Fix KASAN global-out-of-bounds warning
(git-fixes).
- commit 4f6bb80
- r8169: disable RTL8126 ZRX-DC timeout (jsc#PED-14353).
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support
(jsc#PED-14353).
- r8169: increase max jumbo packet size on RTL8125/RTL8126
(jsc#PED-14353).
- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers
(jsc#PED-14353).
- r8169: add support for Intel Killer E5000 (jsc#PED-14353).
- r8169: don't scan PHY addresses > 0 (jsc#PED-14353).
- commit 767f379
- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
- r8169: add support for RTL8125D rev.b (jsc#PED-14353).
- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
- r8169: remove support for chip version 11 (jsc#PED-14353).
- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE
(jsc#PED-14353).
- r8169: remove redundant hwmon support (jsc#PED-14353).
- r8169: use helper r8169_mod_reg8_cond to simplify
rtl_jumbo_config (jsc#PED-14353).
- commit 3a4ab13
- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers
(jsc#PED-14353).
- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
- r8169: improve __rtl8169_set_wol (jsc#PED-14353).
- r8169: remove leftover locks after reverted change
(jsc#PED-14353).
- r8169: improve initialization of RSS registers on
RTL8125/RTL8126 (jsc#PED-14353).
- r8169: align RTL8126 EEE config with vendor driver
(jsc#PED-14353).
- r8169: align RTL8125/RTL8126 PHY config with vendor driver
(jsc#PED-14353).
- r8169: align RTL8125 EEE config with vendor driver
(jsc#PED-14353).
- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats
(jsc#PED-14353).
- r8169: add support for RTL8125D (jsc#PED-14353).
- commit 5c318c2
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
(jsc#PED-14353).
- Refresh
patches.suse/r8169-add-tally-counter-fields-added-with-RTL8125.patch.
- commit 8dc4fd6
- r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
- r8169: add support for the temperature sensor being available
from RTL8125B (jsc#PED-14353).
- r8169: avoid unsolicited interrupts (jsc#PED-14353).
- r8169: add missing MODULE_FIRMWARE entry for RTL8126A rev.b
(jsc#PED-14353).
- r8169: disable ALDPS per default for RTL8125 (jsc#PED-14353).
- r8169: add support for RTL8126A rev.b (jsc#PED-14353).
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
(jsc#PED-14353).
- commit 6d7da00
- r8169: remove detection of chip version 11 (early RTL8168b)
(jsc#PED-14353).
- r8169: disable interrupt source RxOverflow (jsc#PED-14353).
- Revert "r8169: don't try to disable interrupts if NAPI is,
scheduled already" (jsc#PED-14353).
- r8169: Use PCI_IRQ_INTX instead of PCI_IRQ_LEGACY
(jsc#PED-14353).
- r8169: add support for RTL8168M (jsc#PED-14353).
- r8169: add MODULE_FIRMWARE entry for RTL8126A (jsc#PED-14353).
- commit 39ff456
- r8169: simplify code by using core-provided pcpu stats
allocation (jsc#PED-14353).
- commit dafb189
- r8169: simplify EEE handling (jsc#PED-14353).
- Refresh
patches.suse/r8169-implement-additional-ethtool-stats-ops.patch.
- commit 48bfadc
- r8169: add support for returning tx_lpi_timer in ethtool get_eee
(jsc#PED-14353).
- r8169: support setting the EEE tx idle timer on RTL8168h
(jsc#PED-14353).
- r8169: add generic rtl_set_eee_txidle_timer function
(jsc#PED-14353).
- commit e1875e5
- r8169: remove multicast filter limit (jsc#PED-14353).
- Refresh patches.suse/r8169-add-support-for-RTL8126A.patch.
- commit 1615622
- net: r8169: Disable multicast filter for RTL8168H and RTL8107E
(jsc#PED-14353).
- Refresh
patches.suse/r8169-respect-userspace-disabling-IFF_MULTICAST.patch.
- commit 0162652
- r8169: use dev_err_probe in all appropriate places in
rtl_init_one() (jsc#PED-14353).
- Refresh
patches.suse/r8169-revert-2ab19de62d67-r8169-remove-ASPM-res.patch.
- commit 946ce07
- r8169: improve handling task scheduling (jsc#PED-14353).
- r8169: remove not needed check in rtl_fw_write_firmware
(jsc#PED-14353).
- r8169: improve RTL8411b phy-down fixup (jsc#PED-14353).
- Revert "net: r8169: Disable multicast filter for RTL8168H and
RTL8107E" (jsc#PED-14353).
- r8169: check for PCI read error in probe (jsc#PED-14353).
- commit 82a9157
- r8169: enable EEE at 2.5G per default on RTL8125B
(jsc#PED-14353).
- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
- r8169: avoid duplicated messages if loading firmware fails
and switch to warn level (jsc#PED-14353).
- r8169: implement additional ethtool stats ops (jsc#PED-14353).
- r8169: remove original workaround for RTL8125 broken rx issue
(jsc#PED-14353).
- r8169: don't apply UDP padding quirk on RTL8126A
(jsc#PED-14353).
- commit fdf3fd2
- efi: stmm: fix kernel-doc "bad line" warnings (git-fixes).
- ASoC: codecs: lpass-tx-macro: fix SM6115 support (git-fixes).
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation
of appl_ptr (git-fixes).
- Revert "drm/amd: Skip power ungate during suspend for VPE"
(git-fixes).
- drm/panthor: Avoid adding of kernel BOs to extobj list
(git-fixes).
- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
(git-fixes).
- drm/mediatek: ovl_adaptor: Fix probe device leaks (git-fixes).
- drm/mediatek: Fix probe device leaks (git-fixes).
- drm/mediatek: Fix probe memory leak (git-fixes).
- drm/mediatek: Fix probe resource leaks (git-fixes).
- drm/msm/a6xx: Improve MX rail fallback in RPMH vote init
(git-fixes).
- drm/msm/a6xx: Fix the gemnoc workaround (git-fixes).
- drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (git-fixes).
- drm/panthor: Fix potential memleak of vma structure (git-fixes).
- drm/panthor: Fix UAF on kernel BO VA nodes (git-fixes).
- drm/panthor: Fix race with suspend during unplug (git-fixes).
- drm/panthor: Fix group_free_queue() for partially initialized
queues (git-fixes).
- drm/panthor: Handle errors returned by drm_sched_entity_init()
(git-fixes).
- drm/imagination: Fix reference to
devm_platform_get_and_ioremap_resource() (git-fixes).
- accel/ivpu: Fix race condition when unbinding BOs (git-fixes).
- drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler()
(git-fixes).
- accel/ivpu: Fix DCT active percent format (git-fixes).
- drm/panel: visionox-rm69299: Don't clear all mode flags
(git-fixes).
- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).
- commit 905bb10
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2
(git-fixes).
- PCI: keystone: Exit ks_pcie_probe() for invalid mode
(git-fixes).
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
(git-fixes).
- PCI/PM: Reinstate clearing state_saved in legacy and !PM
codepaths (git-fixes).
- power: supply: apm_power: only unset own apm_get_power_status
(git-fixes).
- power: supply: wm831x: Check wm831x_set_bits() return value
(git-fixes).
- power: supply: rt9467: Prevent using uninitialized local
variable in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: rt9467: Return error on failure in
rt9467_set_value_from_ranges() (git-fixes).
- power: supply: cw2015: Check devm_delayed_work_autocancel()
return code (git-fixes).
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
(git-fixes).
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
(git-fixes).
- mfd: max77620: Fix potential IRQ chip conflict when probing
two devices (git-fixes).
- platform/x86: intel: chtwc_int33fe: don't dereference swnode
args (git-fixes).
- spi: bcm63xx: drop wrong casts in probe() (git-fixes).
- spi: tegra210-quad: Fix timeout handling (git-fixes).
- regulator: core: Protect regulator_supply_alias_list with
regulator_list_mutex (git-fixes).
- regulator: core: disable supply if enabling main regulator fails
(git-fixes).
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors
(git-fixes).
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe
error and remove (git-fixes).
- mtd: nand: relax ECC parameter validation check (git-fixes).
- Revert "mtd: rawnand: marvell: fix layouts" (git-fixes).
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes).
- mtd: maps: pcmciamtd: fix potential memory leak in
pcmciamtd_detach() (git-fixes).
- pwm: bcm2835: Make sure the channel is enabled after
pwm_request() (git-fixes).
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
(git-fixes).
- commit 6ae74c9
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path
(git-fixes).
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup
(git-fixes).
- media: rc: st_rc: Fix reset control resource leak (git-fixes).
- media: videobuf2: Fix device reference leak in vb2_dc_alloc
error path (git-fixes).
- media: vpif_display: fix section mismatch (git-fixes).
- media: vpif_capture: fix section mismatch (git-fixes).
- media: samsung: exynos4-is: fix potential ABBA deadlock on init
(git-fixes).
- media: renesas: rcar_drif: fix device node reference leak in
rcar_drif_bond_enabled (git-fixes).
- media: amphion: Cancel message work before releasing the VPU
core (git-fixes).
- media: verisilicon: Protect G2 HEVC decoder against invalid
DPB index (git-fixes).
- media: v4l2-mem2mem: Fix outdated documentation (git-fixes).
- media: cec: Fix debugfs leak on bus_register() failure
(git-fixes).
- media: vidtv: initialize local pointers upon transfer of memory
ownership (git-fixes).
- media: pvrusb2: Fix incorrect variable used in trace message
(git-fixes).
- media: msp3400: Avoid possible out-of-bounds array accesses
in msp3400c_thread() (git-fixes).
- media: adv7842: Avoid possible out-of-bounds array accesses
in adv7842_cp_log_status() (git-fixes).
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in
probe (git-fixes).
- media: i2c: adv7842: Remove redundant cancel_delayed_work in
probe (git-fixes).
- media: TDA1997x: Remove redundant cancel_delayed_work in probe
(git-fixes).
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
(git-fixes).
- commit 0f91c8f
- Documentation: hid-alps: Fix packet format section headings
(git-fixes).
- HID: logitech-hidpp: Do not assume FAP in
hidpp_send_message_sync() (git-fixes).
- HID: logitech-dj: Remove duplicate error logging (git-fixes).
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes).
- backlight: led-bl: Add devlink to supplier LEDs (git-fixes).
- leds: netxbig: Fix GPIO descriptor leak in error paths
(git-fixes).
- leds: leds-lp50xx: Enable chip before any communication
(git-fixes).
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of
9 LEDs (git-fixes).
- leds: leds-lp50xx: Allow LED 0 to be added to module bank
(git-fixes).
- hwmon: (max16065) Use local variable to avoid TOCTOU
(git-fixes).
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
(git-fixes).
- hwmon: sy7636a: Fix regulator_enable resource leak on error path
(git-fixes).
- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes).
- ASoC: stm32: sai: fix OF node leak on probe (git-fixes).
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure
(git-fixes).
- ASoC: stm32: sai: fix device leak on probe (git-fixes).
- ASoC: qcom: q6asm-dai: perform correct state check before
closing (git-fixes).
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer
alignment (git-fixes).
- ASoC: qcom: q6adm: the the copp device only during last instance
(git-fixes).
- ALSA: dice: fix buffer overflow in detect_stream_formats()
(git-fixes).
- ASoC: fsl_xcvr: clear the channel status control memory
(git-fixes).
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma
(git-fixes).
- drm/amd/display: Fix logical vs bitwise bug in
get_embedded_panel_info_v2_1() (git-fixes).
- drm/nouveau: restrict the flush page to a 32-bit address
(git-fixes).
- drm/mediatek: Fix device node reference leak in
mtk_dp_dt_parse() (git-fixes).
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
(git-fixes).
- drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes).
- drm/msm/a6xx: Fix out of bound IO access in
a6xx_get_gmu_registers (git-fixes).
- drm/msm/a2xx: stop over-complaining about the legacy firmware
(git-fixes).
- drm/msm/dpu: Remove dead-code in
dpu_encoder_helper_reset_mixers() (git-fixes).
- drm/vgem-fence: Fix potential deadlock on release (git-fixes).
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg()
(git-fixes).
- gpu: host1x: Fix race in syncpt alloc/free (git-fixes).
- commit 7fcfbe3
- RDMA/irdma: Remove unused struct irdma_cq fields (git-fixes)
Refresh patches.suse/RDMA-irdma-Set-irdma_cq-cq_num-field-during-CQ-creat.patch
- commit acb152c
- wifi: ath12k: fix potential memory leak in
ath12k_wow_arp_ns_offload() (git-fixes).
- commit 3961250
- wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line
warning (git-fixes).
- wifi: ieee80211: correct FILS status codes (git-fixes).
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
(git-fixes).
- wifi: mt76: Fix DTS power-limits on little endian systems
(git-fixes).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb() (git-fixes).
- wifi: rtl818x: Fix potential memory leaks in
rtl8180_init_rx_ring() (git-fixes).
- wifi: mac80211: fix CMAC functions not handling errors
(git-fixes).
- net: phy: adin1100: Fix software power-down ready condition
(git-fixes).
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
(git-fixes).
- wifi: ath11k: fix peer HE MCS assignment (git-fixes).
- wifi: ath11k: restore register window after global reset
(git-fixes).
- lib/vsprintf: Check pointer before dereferencing in
time_and_date() (git-fixes).
- Documentation/kernel-parameters: fix typo in retbleed= kernel
parameter description (git-fixes).
- Documentation: parport-lowlevel: Separate function listing
code blocks (git-fixes).
- docs: w1: fix w1-netlink invalid URL (git-fixes).
- crypto: ccree - Correctly handle return of sg_nents_for_len
(git-fixes).
- crypto: iaa - Fix incorrect return value in save_iaa_wq()
(git-fixes).
- crypto: rockchip - drop redundant crypto_skcipher_ivsize()
calls (git-fixes).
- crypto: hisilicon/qm - restore original qos values (git-fixes).
- crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id (git-fixes).
- crypto: authenc - Correctly pass EINPROGRESS back up to the
caller (git-fixes).
- ima: Handle error code returned by ima_filter_rule_match()
(git-fixes).
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time
(git-fixes).
- commit 912d691
- btrfs: make sure extent and csum paths are always released in
scrub_raid56_parity_stripe() (git-fixes).
- commit 6dcb53c
- Update config files: drop doubly CONFIG_MITIGATION_TSA=y
- commit e2c35ef
- media: uvcvideo: Force UVC version to 1.0a for 0408:4033
(stable-fixes).
- commit 05e9c29
- mei: me: add wildcat lake P DID (stable-fixes).
- media: pci: ivtv: Don't create fake v4l2_fh (stable-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- media: qcom: camss: cleanup media device allocated resource
on error path (git-fixes).
- efi/libstub: Avoid physical address 0x0 when doing random
allocation (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable
(git-fixes).
- media: nxp: imx8-isi: Mark all crossbar sink pads as
MUST_CONNECT (stable-fixes).
- media: imx-mipi-csis: Drop extra clock enable at probe()
(git-fixes).
- media: qcom: venus: fix incorrect return value (stable-fixes).
- media: s5p-mfc: Fix potential deadlock on condlock
(stable-fixes).
- media: radio-isa: use dev_name to fill in bus_info
(stable-fixes).
- media: ov5640: fix vblank unchange issue when work at dvp mode
(git-fixes).
- media: qcom: camss: Fix genpd cleanup (git-fixes).
- commit 5b8269a
- ACPI: property: Fix fwnode refcount leak in
acpi_fwnode_graph_parse_endpoint() (git-fixes).
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
(git-fixes).
- efi/libstub: Fix page table access in 5-level to 4-level paging
transition (git-fixes).
- efi/libstub: Describe missing 'out' parameter in efi_load_initrd
(git-fixes).
- commit 242aae6
- drm/amd/display: Prevent Gating DTBCLK before It Is Properly
Latched (git-fixes).
- commit 3b5db8b
- drm/xe: Prevent BIT() overflow when handling invalid prefetch
region (git-fixes).
- drm/i915/dp_mst: Disable Panel Replay (git-fixes).
- drm/amd/display: avoid reset DTBCLK at clock init
(stable-fixes).
- commit a80834e
- drm/amd: Skip power ungate during suspend for VPE
(stable-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- drm/amd/display: Fix pbn to kbps Conversion (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5
(stable-fixes).
- drm/amdgpu: fix gpu page fault after hibernation on PF
passthrough (stable-fixes).
- drm/amd/display: Insert dccg log for easy debug (stable-fixes).
- drm/amd/display: disable DPP RCG before DPP CLK enable
(stable-fixes).
- commit d2e0b93
- Input: cros_ec_keyb - fix an invalid memory access
(stable-fixes).
- Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes).
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
(stable-fixes).
- drm/amd/display: Increase DPCD read retries (stable-fixes).
- drm/amd/display: Move sleep into each retry for
retrieve_link_cap() (stable-fixes).
- kconfig/nconf: Initialize the default locale at startup
(stable-fixes).
- kconfig/mconf: Initialize the default locale at startup
(stable-fixes).
- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes).
- commit 7011d30
- orangefs: fix xattr related buffer overflow.. (git-fixes).
- commit f97ca07
- rpm/mkspec: Exclude azure from kernel-syms dependencies
Similar to rt azure was initially a separate kernel variant, and not all
KMPs are built for it. kernel-azure-devel should be included as explicit
build depedency to get a KMP for this kernel flavor.
- commit c174e9b
- xhci: fix stale flag preventig URBs after link state error is
cleared (git-fixes).
- drm/xe: Fix conversion from clock ticks to milliseconds
(git-fixes).
- Revert "drm/amd/display: Move setup_stream_attribute"
(stable-fixes).
- commit d37276f
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors
(git-fixes).
- spi: bcm63xx: fix premature CS deassertion on RX-only
transactions (git-fixes).
- firmware: stratix10-svc: fix bug in saving controller data
(git-fixes).
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation
(git-fixes).
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings
fields (git-fixes).
- iio: accel: fix ADXL355 startup race condition (git-fixes).
- iio:common:ssp_sensors: Fix an error handling path ssp_probe()
(git-fixes).
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes).
- most: usb: fix double free on late probe failure (git-fixes).
- slimbus: ngd: Fix reference count leak in
qcom_slim_ngd_notify_slaves (git-fixes).
- serial: amba-pl011: prefer dma_mapping_error() over explicit
address checking (git-fixes).
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable()
errors (git-fixes).
- USB: storage: Remove subclass and protocol overrides from
Novatek quirk (git-fixes).
- usb: uas: fix urb unmapping issue when the uas device is remove
during ongoing data transfer (git-fixes).
- usb: dwc3: Fix race condition between concurrent
dwc3_remove_requests() call paths (git-fixes).
- xhci: dbgtty: fix device unregister (git-fixes).
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes).
- drivers/usb/dwc3: fix PCI parent check (git-fixes).
- usb: storage: Fix memory leak in USB bulk transport (git-fixes).
- usb: cdns3: Fix double resource release in cdns3_pci_probe
(git-fixes).
- mailbox: mailbox-test: Fix debugfs_create_dir error checking
(git-fixes).
- drm: sti: fix device leaks at component probe (git-fixes).
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
(git-fixes).
- commit 17705d7
- net: dlink: handle copy_thresh allocation failure (CVE-2025-40053 bsc#1252808)
- commit 975011b
- pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178 bsc#1253463)
- commit ce07984
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (CVE-2025-40187 bsc#1253647)
- commit e8a76b4
- Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf()
NULL deref (git-fixes).
- commit 0d74148
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
(git-fixes).
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed
transmitted URBs (git-fixes).
- can: sja1000: fix max irq loop handling (git-fixes).
- can: kvaser_usb: leaf: Fix potential infinite loop in command
parsers (git-fixes).
- net: phy: mxl-gpy: fix link properties on USXGMII and internal
PHYs (git-fixes).
- atm/fore200e: Fix possible data race in fore200e_open()
(git-fixes).
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing
(git-fixes).
- Bluetooth: hci_sock: Prevent race in socket write iter and
sock bind (git-fixes).
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated
PHY (git-fixes).
- platform/x86: intel: punit_ipc: fix memory corruption
(git-fixes).
- atm: idt77252: Add missing `dma_map_error()` (stable-fixes).
- commit 2366cbf
- remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (CVE-2025-40033 bsc#1252824)
- commit 2054391
- dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134 bsc#1253386)
- commit 1e5953d
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
- commit bd1d198
- KVM: arm64: Prevent access to vCPU events before init (CVE-2025-40102 bsc#1252919)
- commit 104fba7
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081 bsc#1252776)
- commit f1cab17
- Add dtb-spacemit
SpacemiT boards include MilkV-Jupiter, Banana Pi F3 and Orange Pi RV2.
- commit f2f396d
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Add capability to register Platform Name ID to
fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in
point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED
during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps
(bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point
topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs
(bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in
lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and
comments (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging
(bsc#1254119).
- commit bfcfc18
- nvme-multipath: fix lockdep WARN due to partition scan work
(git-fixes bsc#1233640 CVE-2024-53093).
- commit 28a7b7d
- dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes).
- commit a7bb416
- nvme: Use non zero KATO for persistent discovery connections
(git-fixes).
- commit 4d9eece
- openssl-1_1
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
- libpng16
-
- security update
- added patches
CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage`
CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage`
* libpng16-CVE-2025-28162,28164.patch
- python311
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- systemd
-
- Name libsystemd-{shared,core} based on the major version of systemd and the
package release number (bsc#1228081 bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared
libraries.
- Import commit 75eab961ea843dc161707d4af0789b018d499676
- 8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- Import commit 5caaa71f4a7b00e6a6ceb396d08486af73687d45
9ecd162284 timer: rebase last_trigger timestamp if needed
cd4a9103ef timer: rebase the next elapse timestamp only if timer didn't already run
c3f4407e97 timer: don't run service immediately after restart of a timer (bsc#1254563)
05bcfe3295 test: check the next elapse timer timestamp after deserialization
fe8f656975 test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no
files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the
services. It can be safely removed once the update is complete.
- Import commit 00ba3646e6cb3ce40bb3de3e92f93ebec0adce6d
e4dd315b6c units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
b58e72215a units: add dep on systemd-logind.service by user@.service
97ceca445c detect-virt: add bare-metal support for GCE (bsc#1244449)
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- supportutils
-
- Changes to version 3.2.12
+ Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274)
+ Run in containers without errors (bsc#1245667, PR#272)
+ Removed pmap PID from memory.txt (bsc#1246011, PR#263)
+ Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264)
+ Improved database perforce with kGraft patching (bsc#1249657, PR#273)
+ Using last boot for journalctl for optimization (bsc#1250224, PR#287)
+ Fixed extraction failures (bsc#1252318, PR#275)
+ Update supportconfig.conf path in docs (bsc#1254425, PR#281)
+ drm_sub_info: Catch error when dir doesn't exist (PR#265)
+ Replace remaining `egrep` with `grep -E` (PR#261, PR#266)
+ Add process affinity to slert logs (PR#269)
+ Reintroduce cgroup statistics (and v2) (PR#270)
+ Minor changes to basic-health-check: improve information level (PR#271)
+ Collect important machine health counters (PR#276)
+ powerpc: collect hot-pluggable PCI and PHB slots (PR#278)
+ podman: collect podman disk usage (PR#279)
+ Exclude binary files in crondir (PR#282)
+ kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284)
+ Use short-iso for journalctl (PR#288)
- Changes to version 3.2.11
+ Collect rsyslog frule files (bsc#1244003, pr#257)
+ Remove proxy passwords (bsc#1244011, pr#257)
+ Missing NetworkManager information (bsc#1241284, pr#257)
+ Include agama logs bsc#1244937, pr#256)
+ Additional NFS conf files (pr#253)
+ New fadump sysfs files (pr#252)
+ Fixed change log dates
- xen
-
- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
with shadow paging + tracing (XSA-477)
xsa477.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
for vCPU isolation (XSA-479)
xsa479.patch