- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix: [bsc#1256389] (gpg.fail/filename)
* GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field
* Add gnupg-accepts-path-separators-literal-data.patch
- kernel-default
-
- Move out-of-tree rt patch into the right section
- commit 125c148
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221).
- commit 0a3e886
- libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220).
- commit 2e431bc
- libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218).
- commit 518f909
- libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217).
- commit 7474e34
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP
allocations (bsc#1254447 bsc#1253087).
- commit e90ec28
- bpf/selftests: test_select_reuseport_kern: Remove unused header
(bsc#1257603).
- commit 3124f7b
- smb: client: short-circuit in open_cached_dir_by_dentry()
if !dentry (git-fixes).
- commit 82d6911
- smb: client: ensure open_cached_dir_by_dentry() only returns
valid cfid (git-fixes).
- commit d1feafe
- smb: client: split cached_fid bitfields to avoid shared-byte
RMW races (bsc#1250748,bsc#1257154).
- commit e7ce4ba
- scripts/python/git_sort/git_sort.yaml: add cifs for-next repository
- commit 0d24c51
- smb: improve directory cache reuse for readdir operations
(bsc#1252712).
- commit 20c0243
- smb: client: remove unused fid_lock (git-fixes).
- commit ed3cf07
- smb: client: update cfid->last_access_time in
open_cached_dir_by_dentry() (git-fixes).
- commit 1962196
- cifs: add new field to track the last access time of cfid
(git-fixes).
- commit 7328aa8
- smb: change return type of cached_dir_lease_break() to bool
(git-fixes).
- commit da8604d
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 16880ae
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit b3a8e60
- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1
(CVE-2026-23005 bsc#1257245).
- commit 4fcc2d5
- Update
patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch
(git-fixes CVE-2025-40097 bsc#1252900).
- Update
patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch
(git-fixes CVE-2025-71081 bsc#1256609).
- Update
patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch
(git-fixes CVE-2025-71147 bsc#1257158).
- Update
patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch
(git-fixes CVE-2024-42103 bsc#1228490).
- Update
patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch
(git-fixes CVE-2025-38243 bsc#1246184).
- Update
patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714
bsc#1254465).
- Update
patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch
(git-fixes CVE-2025-71083 bsc#1256610).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch
(git-fixes CVE-2025-71111 bsc#1256728).
- Update
patches.suse/ipmi-Rework-user-message-limit-handling.patch
(git-fixes CVE-2025-40202 bsc#1253451).
- Update
patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch
(git-fixes CVE-2025-71136 bsc#1256759).
- Update
patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch
(git-fixes CVE-2025-68819 bsc#1256664).
- Update
patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch
(git-fixes CVE-2025-68808 bsc#1256682).
- Update
patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch
(git-fixes CVE-2025-38322 bsc#1246447).
- Update
patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch
(git-fixes CVE-2025-68804 bsc#1256617).
- Update
patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch
(bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616).
- Update
patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch
(git-fixes CVE-2025-38379 bsc#1247030).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch
(git-fixes CVE-2024-53070 bsc#1233563).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch
(git-fixes CVE-2025-37813 bsc#1242909).
- Update
patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch
(bsc#1256528 CVE-2025-22047 bsc#1241437).
- commit fbc3d71
- Update
patches.suse/ALSA-pcm-Disable-bottom-softirqs-as-part-of-spin_loc.patch
(git-fixes CVE-2025-40142 bsc#1253348).
- Update
patches.suse/ASoC-Intel-sof_sdw-Prevent-jump-to-NULL-add_sidecar-.patch
(git-fixes CVE-2025-40132 bsc#1253330).
- Update
patches.suse/accel-qaic-Fix-bootlog-initialization-ordering.patch
(git-fixes CVE-2025-40177 bsc#1253443).
- Update
patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch
(git-fixes CVE-2025-71143 bsc#1256749).
- Update
patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch
(bsc#1256794 CVE-2025-71142 bsc#1256748).
- Update
patches.suse/crypto-hisilicon-qm-request-reserved-interrupt-for-v.patch
(git-fixes CVE-2025-40136 bsc#1253340).
- Update
patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch
(git-fixes CVE-2025-71141 bsc#1256756).
- Update
patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch
(git-fixes CVE-2025-68802 bsc#1256661).
- Update
patches.suse/drm-xe-guc-Check-GuC-running-state-before-deregister.patch
(git-fixes CVE-2025-40166 bsc#1253433).
- Update
patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch
(git-fixes CVE-2025-71099 bsc#1256592).
- Update
patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch
(git-fixes CVE-2025-71076 bsc#1256627).
- Update
patches.suse/efi-stmm-Fix-incorrect-buffer-allocation-method.patch
(git-fixes CVE-2025-39836 bsc#1249904).
- Update
patches.suse/nvme-tcp-remove-tag-set-when-second-admin-queue-conf.patch
(git-fixes CVE-2025-38209 bsc#1246022).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch
(git-fixes CVE-2025-71101 bsc#1256594).
- Update
patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch
(stable-fixes CVE-2025-37744 bsc#1243662).
- Update
patches.suse/x86-CPU-AMD-Terminate-the-erratum_1386_microcode-array.patch
(git-fixes CVE-2024-56721 bsc#1235566).
- Update
patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch
(git-fixes CVE-2025-37751 bsc#1242505).
- Update
patches.suse/x86-kvm-Force-legacy-PCI-hole-to-UC-when-overriding-MTRRs-.patch
(bsc#1245538 CVE-2025-40181 bsc#1253471).
- commit fbc9bf3
- Update
patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch
(stable-fixes CVE-2025-71118 bsc#1256763).
- Update
patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch
(git-fixes CVE-2025-68783 bsc#1256650).
- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch
(git-fixes CVE-2026-23006 bsc#1257208).
- Update
patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch
(git-fixes CVE-2025-71082 bsc#1256611).
- Update
patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch
(git-fixes CVE-2025-68777 bsc#1256655).
- Update
patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch
(CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282).
- Update
patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch
(bsc#1255569 CVE-2025-68725).
- Update
patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch
(stable-fixes CVE-2025-68797 bsc#1256660).
- Update
patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch
(stable-fixes CVE-2025-40106 bsc#1252891).
- Update
patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch
(git-fixes CVE-2025-71131 bsc#1256742).
- Update
patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch
(git-fixes CVE-2025-71163 bsc#1257215).
- Update
patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch
(git-fixes CVE-2025-71162 bsc#1257204).
- Update
patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch
(git-fixes CVE-2025-71130 bsc#1256741).
- Update
patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch
(git-fixes CVE-2025-71138 bsc#1256785).
- Update
patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch
(git-fixes CVE-2025-68789 bsc#1256781).
- Update
patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch
(CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277).
- Update
patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch
(CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800).
- Update
patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch
(git-fixes CVE-2026-22997 bsc#1257202).
- Update
patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch
(git-fixes CVE-2025-71079 bsc#1256619).
- Update
patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch
(git-fixes CVE-2025-71086 bsc#1256625).
- Update
patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch
(git-fixes CVE-2025-71154 bsc#1257163).
- Update
patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119
bsc#1256730).
- Update
patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch
(git-fixes CVE-2025-71132 bsc#1256737).
- Update
patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch
(git-fixes CVE-2025-68773 bsc#1256586).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch
(stable-fixes CVE-2025-68254 bsc#1255140).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch
(stable-fixes CVE-2025-68256 bsc#1255138).
- Update
patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch
(git-fixes CVE-2025-71145 bsc#1257155).
- Update
patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch
(stable-fixes CVE-2025-71108 bsc#1256774).
- Update
patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch
(stable-fixes CVE-2025-71114 bsc#1256752).
- Update
patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch
(git-fixes CVE-2026-22978 bsc#1257227).
- Update
patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch
(git-fixes CVE-2025-71100 bsc#1256593).
- commit 856d20b
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- commit b73475a
- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv
(CVE-2026-22996).
- net/mlx5e: Fix crash on profile change rollback failure
(CVE-2026-23000 bsc#1257234).
- commit 46ccefc
- Refresh patches.suse/gpio-rockchip-Stop-calling-pinctrl-for-set_direction.patch
- commit 6b7cadf
- Refresh patches.suse/drm-imx-tve-fix-probe-device-leak.patch.
- commit 2ce383c
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit bcf0129
- gpio: rockchip: Stop calling pinctrl for set_direction
(git-fixes).
- commit 8cea9c9
- btrfs: do not strictly require dirty metadata threshold for
metadata writepages (stable-fixes).
- commit b83c55a
- ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion
(git-fixes).
- ASoC: fsl: imx-card: Do not force slot width to sample width
(git-fixes).
- commit 6d4f48b
- drm/imx/tve: fix probe device leak (git-fixes).
- drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule()
(git-fixes).
- drm/amdgpu: fix NULL pointer dereference in
amdgpu_gmc_filter_faults_remove (git-fixes).
- drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
- drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes).
- drm/nouveau/disp: Set
drm_mode_config_funcs.atomic_(check|commit) (stable-fixes).
- commit 3d95c47
- can: gs_usb: gs_usb_receive_bulk_callback(): fix error message
(git-fixes).
- commit 4d9fa09
- gpio: omap: do not register driver in probe() (git-fixes).
- drm/imx/tve: fix probe device leak (git-fixes).
- drm/amd/pm: fix race in power state check before mutex lock
(git-fixes).
- drm/amdgpu: fix NULL pointer dereference in
amdgpu_gmc_filter_faults_remove (git-fixes).
- Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
(stable-fixes).
- Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
(stable-fixes).
- spi: spi-sprd-adi: Fix double free in probe error path
(git-fixes).
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling
(stable-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on
usb_submit_urb() error (git-fixes).
- phy: freescale: imx8m-pcie: assert phy reset during power on
(stable-fixes).
- USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
(stable-fixes).
- USB: serial: option: add Telit LE910 MBIM composition
(stable-fixes).
- USB: OHCI/UHCI: Add soft dependencies on ehci_platform
(stable-fixes).
- usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS
descriptor (stable-fixes).
- usb: dwc3: Check for USB4 IP_NAME (stable-fixes).
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes).
- drm/amd: Clean up kfd node on surprise disconnect
(stable-fixes).
- ASoC: codecs: wsa881x: fix unnecessary initialisation
(git-fixes).
- HID: usbhid: paper over wrong bNumDescriptor field
(stable-fixes).
- ASoC: codecs: wsa881x: Drop unused version readout
(stable-fixes).
- spi: sprd-adi: switch to use spi_alloc_host() (stable-fixes).
- spi: sprd: adi: Use devm_register_restart_handler()
(stable-fixes).
- commit 81840a7
- io_uring/poll: correctly handle io_poll_add() return value on
update (CVE-2025-71149 bsc#1257164).
- commit e38f4cf
- libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744).
- commit 37c126f
- scripts: obsapi: Support URL trailing / in oscrc
- commit 596ed59
- scripts: uploader: Handle missing upstream in is_pr_open
- commit e7d7408
- net: sock: fix hardened usercopy panic in sock_recv_errqueue
(CVE-2026-22977 bsc#1257053).
- ipv4: Fix reference count leak when using error routes with
nexthop objects (CVE-2025-71097 bsc#1256607).
- net: stmmac: fix the crash issue for zero copy XDP_TX action
(CVE-2025-71095 bsc#1256605).
- ethtool: Avoid overflowing userspace buffer on stats query
(CVE-2025-68795 bsc#1256688).
- bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584).
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast
route stats (CVE-2025-68800 bsc#1256646).
- mlxsw: spectrum_router: Fix neighbour use-after-free
(CVE-2025-68801 bsc#1256653).
- lan966x: Fix sleeping in atomic context (CVE-2025-68320
bsc#1255172).
- commit 6580707
- ice: fix PTP cleanup on driver removal in error path
(CVE-2025-68215 bsc#1255226).
- commit 5a32ad2
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit d911768
- ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011
bsc#1257207).
- commit dcc6c91
- wifi: mac80211: correctly decode TTLM with default link map
(git-fixes).
- nfc: nci: Fix race between rfkill and nci_unregister_device()
(git-fixes).
- nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes).
- net: wwan: t7xx: fix potential skb->frags overflow in RX path
(git-fixes).
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete
(git-fixes).
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
(git-fixes).
- commit 6907fd9
- smack: fix bug: unprivileged task can create labels (CVE-2025-68733 bsc#1255615).
- commit 4193ba7
- idpf: Fix RSS LUT NULL ptr issue after soft reset
(CVE-2026-22993 bsc#1257180).
- idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
(CVE-2026-22993 bsc#1257180).
- commit f308569
- idpf: Fix RSS LUT NULL ptr issue after soft reset
(CVE-2026-22993 bsc#1257180).
- idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
(CVE-2026-22993 bsc#1257180).
- commit bb6b853
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit 35a165f
- gve: defer interrupt enabling until NAPI registration
(CVE-2025-71156 bsc#1257167).
- commit df5b61b
- kabi: export inet_frag_rbtree_purge() function again
(CVE-2025-68768 bsc#1256579).
- commit d066c8d
- inet: frags: flush pending skbs in fqdir_pre_exit()
(CVE-2025-68768 bsc#1256579).
- inet: frags: add inet_frag_queue_flush() (CVE-2025-68768
bsc#1256579).
- commit 3c0c564
- mptcp: fallback earlier on simult connection (CVE-2025-71088
bsc#1256630).
- commit daab93c
- scripts: uploader: Fix no change condition for _maintainership.json
- commit 792d98c
- RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168)
- commit 1e51f3a
- =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?=
=?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?=
(CVE-2025-71094 bsc#1256597).
- commit b3acbda
- net/sched: ets: Remove drr class from the active list if it
changes to strict (CVE-2025-68815 bsc#1256680).
- commit f0fee57
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit 8f4860d
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (git-fixes).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (git-fixes).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Add support for auxiliary device servicing events (git-fixes).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (git-fixes).
- RDMA/mana_ib: Access remote atomic for MRs (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- RDMA/mana_ib: Use safer allocation function() (git-fixes).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- commit d6908f3
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive
aggregate in qfq_reset (CVE-2026-22976 bsc#1257035).
- commit 1b89834
- usb: renesas_usbhs: Fix synchronous external abort on unbind
(CVE-2025-68327 bsc#1255488).
- commit a41f3aa
- net: usb: asix: validate PHY address before use (CVE-2025-71094
bsc#1256597).
- net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094
bsc#1256597).
- commit addbe43
- selftests/bpf: Fix flaky bpf_cookie selftest (git-fixes).
- commit de8fecf
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- commit b6299d5
- scripts: uploader: Only reset branch when there is no open PR
Resetting the branch closes any PR which is disruptive.
With project repositories that get a lot of changes this would reset too
often if reset was enabled causing unmergeable PRs.
Yet it is necessary to reset to be able to get up-to-date state for a
new PR.
With this branch reset can be enabled for maintainership update.
- commit 60e8156
- selftests/bpf: use simply-expanded variables for libpcap flags
(bsc#1255552 CVE-2025-68363).
- commit 2c7feb9
- selftests/bpf: ns_current_pid_tgid: Rename the test function
(bsc#1255552 CVE-2025-68363).
- commit 4f40cc9
- selftests/bpf: Replace CHECK with ASSERT_* in ns_current_pid_tgid test
(bsc#1255552 CVE-2025-68363).
- Refresh
patches.suse/selftests-bpf-Clean-up-open-coded-gettid-syscall-inv.patch.
- commit 0d13544
- selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552
CVE-2025-68363).
- selftests/bpf: Optionally open a dedicated namespace to run
test in it (CVE-2025-68363 bsc#1255552).
- commit 5773a45
- perf/x86/amd: Check event before enable to avoid GPF
(bsc#1256689 CVE-2025-68798).
- commit 122c93e
- selftests/bpf: Optionally open a dedicated namespace to run
test in it (CVE-2025-68363 bsc#1255552).
- commit 7fc3edd
- selftests/bpf: Monitor traffic for select_reuseport
(CVE-2025-68363 bsc#1255552).
- commit 7687d07
- selftests/bpf: Monitor traffic for sockmap_listen
(CVE-2025-68363 bsc#1255552).
- commit 200e7d4
- selftests/bpf: Monitor traffic for tc_redirect (CVE-2025-68363
bsc#1255552).
- commit ef95f02
- selftests/bpf: netns_new() and netns_free() helpers
(CVE-2025-68363 bsc#1255552).
- Refresh
patches.suse/selftests-bpf-Fix-backtrace-printing-for-selftests-c.patch.
- commit 6ac10b7
- selftests/bpf: Add the traffic monitor option to test_progs
(CVE-2025-68363 bsc#1255552).
- commit 24382fe
- selftests/bpf: Add traffic monitor functions (CVE-2025-68363
bsc#1255552).
- commit c7346b8
- blk-cgroup: fix possible deadlock while configuring policy
(CVE-2025-68178 bsc#1255266).
- commit 3f4a2e3
- bpf: Add bpf_prog_run_data_pointers() (bsc#1255241
CVE-2025-68200).
- commit 3454614
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- commit 6def8a1
- e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093
bsc#1256777).
- net/mlx5: fw_tracer, Validate format string parameters
(CVE-2025-68816 bsc#1256674).
- commit 53c77db
- ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403).
- commit de1a69a
- x86: make page fault handling disable interrupts properly
(git-fixes).
- commit e28ac6a
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 3382537
- libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388).
- commit 592067a
- kABI workaround for tpm_chip changes (CVE-2025-71077
bsc#1256613).
- commit 66e0457
- tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613).
- commit 727f4b1
- selftests: net: fib-onlink-tests: Convert to use namespaces
by default (bsc#1255346).
- commit c2a5f76
- Delete
patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch.
- commit 755a7f6
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
(git-fixes).
- commit 7e4403b
- NFSD: Fix permission check for read access to executable-only
files (git-fixes).
- commit 2ce0763
- nfsd: Drop the client reference in client_states_open()
(git-fixes).
- commit 8226664
- svcrdma: return 0 on success from svc_rdma_copy_inline_range
(git-fixes).
- commit d34b05e
- NFSD: use correct reservation type in nfsd4_scsi_fence_client
(git-fixes).
- commit 2de8cf6
- NFSD/blocklayout: Fix minlength check in proc_layoutget
(git-fixes).
- commit 91340f9
- NFS: Fix up the automount fs_context to use the correct cred
(git-fixes).
- commit 99b1550
- NFSv4: ensure the open stateid seqid doesn't go backwards
(git-fixes).
- commit ca47c84
- exfat: fix remount failure in different process environments
(git-fixes).
- commit ec2e76f
- exfat: check return value of sb_min_blocksize in
exfat_read_boot_sector (git-fixes).
- commit 99696d0
- w1: fix redundant counter decrement in w1_attach_slave_device()
(git-fixes).
- w1: therm: Fix off-by-one buffer overflow in alarms_store
(git-fixes).
- comedi: dmm32at: serialize use of paged registers (git-fixes).
- uacce: ensure safe queue release with state management
(git-fixes).
- uacce: implement mremap in uacce_vm_ops to return -EPERM
(git-fixes).
- uacce: fix isolate sysfs check condition (git-fixes).
- uacce: fix cdev handling in the cleanup path (git-fixes).
- slimbus: core: fix of_slim_get_device() kernel doc (git-fixes).
- slimbus: core: fix device reference leak on report present
(git-fixes).
- slimbus: core: fix runtime PM imbalance on report present
(git-fixes).
- slimbus: core: fix OF node leak on registration failure
(git-fixes).
- intel_th: fix device leak on output open() (git-fixes).
- comedi: Fix getting range information for subdevices 16 to 255
(git-fixes).
- iio: accel: iis328dq: fix gain values (git-fixes).
- iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
(git-fixes).
- iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without
event detection (git-fixes).
- iio: adc: ad9467: fix ad9434 vref mask (git-fixes).
- iio: adc: ad7280a: handle spi_setup() errors in probe()
(git-fixes).
- iio: adc: at91-sama5d2_adc: Fix potential use-after-free in
sama5d2_adc driver (git-fixes).
- serial: 8250_pci: Fix broken RS485 for F81504/508/512
(git-fixes).
- comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes).
- commit 50f3b9f
- bpf: Do not let BPF test infra emit invalid GSO types to stack
(bsc#1255569).
- commit 1df0a4e
- platform/x86: hp-bioscfg: Fix automatic module loading
(git-fixes).
- platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID
macro (git-fixes).
- platform/x86: hp-bioscfg: Fix kobject warnings for empty
attribute names (git-fixes).
- platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes).
- drm/imagination: Wait for FW trace update command completion
(git-fixes).
- commit de62d29
- mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
(git-fixes).
- mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in
HS200/HS400 mode (git-fixes).
- regmap: Fix race condition in hwspinlock irqsave routine
(git-fixes).
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(git-fixes).
- ALSA: scarlett2: Fix buffer overflow in config retrieval
(git-fixes).
- ALSA: usb: Increase volume range that triggers a warning
(git-fixes).
- drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
(git-fixes).
- drm/amd/pm: Don't clear SI SMC table when setting power limit
(git-fixes).
- drm/nouveau: implement missing DCB connector types; gracefully
handle unknown connectors (git-fixes).
- drm/nouveau: add missing DCB connector types (git-fixes).
- commit 03d895b
- io_uring: fix filename leak in __io_openat_prep()
(CVE-2025-68814 bsc#1256651).
- commit 4d3284d
- drm/amd/pm: fix smu overdrive data type wrong issue on smu
14.0.2 (git-fixes).
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes).
- drm/amd: Clean up kfd node on surprise disconnect
(stable-fixes).
- commit 6d02dff
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760)
- commit f080c28
- net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654)
- commit d8f982b
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547)
- commit 31c810e
- team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773)
- commit fb6bd76
- md/raid5: fix possible null-pointer dereferences in
raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761).
- commit 06431f4
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089
bsc#1256612).
- commit 74dac8b
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- net/handshake: duplicate handshake cancellations leak socket
(CVE-2025-68775 bsc#1256665).
- commit 5f03ae0
- wifi: mac80211: don't perform DA check on S1G beacon
(git-fixes).
- commit 99fd461
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (git-fixes).
- dpll: Prevent duplicate registrations (git-fixes).
- wifi: ath12k: fix dma_free_coherent() pointer (git-fixes).
- wifi: ath10k: fix dma_free_coherent() pointer (git-fixes).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
(git-fixes).
- wifi: rsi: Fix memory corruption due to not set vif driver
data size (git-fixes).
- usbnet: limit max_mtu based on device's hard_mtu (git-fixes).
- mISDN: annotate data-race around dev->work (git-fixes).
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory
leak (git-fixes).
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory
leak (git-fixes).
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB
memory leak (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
(git-fixes).
- Revert "nfc/nci: Add the inconsistency check between the input
data length and count" (git-fixes).
- net: usb: dm9601: remove broken SR9700 support (git-fixes).
- leds: led-class: Only Add LED to leds_list when it is fully
ready (git-fixes).
- dpll: fix device-id-get and pin-id-get to return errors properly
(git-fixes).
- dpll: spec: add missing module-name and clock-id to pin-get
reply (git-fixes).
- dpll: fix return value check for kmemdup (git-fixes).
- dpll: indent DPLL option type by a tab (git-fixes).
- commit 0acacf9
- drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428 CVE-2025-40339)
- commit 42c8fa8
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- commit 2f69405
- mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257
bsc#1254842).
- commit 83400eb
- fsnotify: do not generate ACCESS/MODIFY events on child for
special files (bsc#1256638 CVE-2025-68788).
- commit 6b6945d
- ext4: xattr: fix null pointer deref in ext4_raw_inode()
(bsc#1256754 CVE-2025-68820).
- commit 8f80a8b
- ext4: fix string copying in parse_apply_sb_mount_options()
(bsc#1256757 CVE-2025-71123).
- commit bd1f757
- ext4: add i_data_sem protection in
ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261).
- commit 835edb6
- nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372).
- commit 4a0d1d2
- nbd: defer config unlock in nbd_genl_connect (bsc#1255622
CVE-2025-68366).
- commit 7dc2ba0
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when
file system corrupted (bsc#1255482 CVE-2025-68337).
- commit dea6220
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
(CVE-2025-68325 bsc#1255417).
- commit 0e9df03
- tcp: use dst_dev_rcu() in
tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188
bsc#1255269).
- commit 36ba28e
- net: ipv6: fix field-spanning memcpy warning in AH output
(CVE-2025-40363 bsc#1255102).
- commit b54ffd4
- ipv4: route: Prevent rt_bind_exception() from rebinding stale
fnhe (CVE-2025-68241 bsc#1255157).
- net: netpoll: fix incorrect refcount handling causing incorrect
cleanup (CVE-2025-68245 bsc#1255268).
- commit f673593
- Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch
Fix the missing cleanup, folding the upsteram stable 6.12.y fix
(commit d28c1b1566a1) into the backport patch itself.
- commit d2ae2ac
- of: fix reference count leak in of_alias_scan() (git-fixes).
- of: platform: Use default match table for /firmware (git-fixes).
- ata: libata: Add cpr_log to ata_dev_print_features() early
return (git-fixes).
- commit 403f41b
- NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803
bsc#1256770).
- commit cae9b7a
- nfsd: set security label during create operations
(CVE-2025-68803 bsc#1256770).
- commit 8ee0c2b
- RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733)
- commit c4b2e81
- RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622)
- commit 695ad1f
- ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT
(CVE-2025-71080 bsc#1256608).
- commit d2e316c
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779).
- commit 400a381
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 386a47a
- arp: do not assume dev_hard_header() does not change skb->head
(CVE-2025-71098 bsc#1256591).
- ip6_gre: make ip6gre_header() robust (CVE-2025-71098
bsc#1256591).
- commit 0de7076
- sched/rt: Skip group schedulable check with rt_group_sched=0
(bsc#1256568).
- commit 3119d3b
- Refresh
patches.suse/pre-v6.12-sched-Move-default-rt_bandwidth-to-root_task_group.patch. (bsc#1256568)
rt/group: Propagate global rt_runtime into root_task_group rqs
Update root group rq's rt_runtime amount so that it matches the global
RT throttling amount after update. It'd be eventually refilled from
do_sched_rt_period_timer() but when the timer is idle the change would
not propagate and one period may be miss-throttled.
- commit 09fa5a4
- Refresh
patches.suse/pre-v6.12-sched-Move-default-rt_bandwidth-to-root_task_group.patch. (bsc#1256568)
rt/group: Fix schedulability check with global RT limit
The global RT limit is stored in the root task_group so when the limit
is being lowered, the new value would be validated against the old one
(in sysctl_*) and never pass. But because we unified the global RT limit
with root task_group's limit, carry out the schedulability test as if
global values were configured to the root_task_group (they eventually
are).
- commit 1a0d83b
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit 4190209
- dmaengine: apple-admac: Add "apple,t8103-admac" compatible
(git-fixes).
- dmaengine: omap-dma: fix dma_pool resource leak in error paths
(git-fixes).
- dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
(git-fixes).
- dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes).
- dmaengine: xilinx_dma: Fix uninitialized addr_width when
"xlnx,addrwidth" property is missing (git-fixes).
- dmaengine: tegra-adma: Fix use-after-free (git-fixes).
- dmaengine: ti: k3-udma: fix device leak on udma lookup
(git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on am335x route
allocation (git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on dra7x route
allocation (git-fixes).
- dmaengine: lpc18xx-dmamux: fix device leak on route allocation
(git-fixes).
- dmaengine: idxd: fix device leaks on compat bind and unbind
(git-fixes).
- dmaengine: dw: dmamux: fix OF node leak on route allocation
failure (git-fixes).
- dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes).
- dmaengine: at_hdmac: fix device leak on of_dma_xlate()
(git-fixes).
- dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes).
- phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
(git-fixes).
- phy: rockchip: inno-usb2: fix communication disruption in
gadget mode (git-fixes).
- phy: rockchip: inno-usb2: fix disconnection in gadget mode
(git-fixes).
- phy: stm32-usphyc: Fix off by one in probe() (git-fixes).
- commit c2d8602
- Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch
- commit 462d775
- gpio: pca953x: fix wrong error probe return value (git-fixes).
- commit df5f5f1
- drm/amdgpu: Fix query for VPE block_type and ip_count
(stable-fixes).
- drm/amd/display: Apply e4479aecf658 to dml (stable-fixes).
- drm/amdkfd: Fix improper NULL termination of queue restore
SMI event string (stable-fixes).
- drm/amd/display: shrink struct members (stable-fixes).
- drm/amd/display: Respect user's CONFIG_FRAME_WARN more for
dml files (stable-fixes).
- commit 1aaadcf
- gpio: pca953x: Utilise temporary variable for struct device
(stable-fixes).
- Refresh
patches.suse/gpio-pca953x-log-an-error-when-failing-to-get-the-re.patch.
- commit b07f679
- lib/crypto: aes: Fix missing MMU protection for AES S-box
(git-fixes).
- mei: me: add nova lake point S DID (stable-fixes).
- gpio: pca953x: handle short interrupt pulses on PCAL devices
(git-fixes).
- drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
(stable-fixes).
- ASoC: fsl_sai: Add missing registers to cache default
(stable-fixes).
- ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025
(stable-fixes).
- ALSA: usb-audio: Update for native DSD support quirks
(stable-fixes).
- drm/amd/display: Fix DP no audio issue (stable-fixes).
- powercap: fix sscanf() error return value handling
(stable-fixes).
- powercap: fix race condition in register_control_type()
(stable-fixes).
- can: j1939: make j1939_session_activate() fail if device is
no longer registered (stable-fixes).
- mei: me: add wildcat lake P DID (stable-fixes).
- gpio: pca953x: Add support for level-triggered interrupts
(stable-fixes).
- gpio: pca953x: Utilise dev_err_probe() where it makes sense
(stable-fixes).
- commit 46ebab7
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582
CVE-2025-68771).
- commit fae1ed0
- ASoC: codecs: wsa881x: fix unnecessary initialisation
(git-fixes).
- commit 7c749f7
- ASoC: codecs: wsa883x: fix unnecessary initialisation
(git-fixes).
- commit 9ad50cc
- drm/amd/display: Initialise backlight level values from hw
(git-fixes).
- commit c2d3b2d
- drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions
(git-fixes).
- commit 9168dd5
- drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
(git-fixes).
- drm/panel-simple: fix connector type for DataImage
SCF0700C48GGU18 panel (git-fixes).
- drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
(git-fixes).
- drm/amdkfd: fix a memory leak in device_queue_manager_init()
(git-fixes).
- ASoC: tlv320adcx140: fix word length (git-fixes).
- ASoC: tlv320adcx140: fix null pointer (git-fixes).
- ASoC: codecs: wsa884x: fix codec initialisation (git-fixes).
- commit b212696
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync
flags (CVE-2025-68764 bsc#1255930).
- commit 84f3f58
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659)
- commit 86f02f8
- fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365 bsc#1255548)
- commit 354fd40
- ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728 bsc#1255539)
- commit 3c62fa0
- iavf: fix off-by-one issues in iavf_config_rss_reg()
(CVE-2025-71087 bsc#1256628).
- commit 8d4da32
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695)
- commit 8aea2cc
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- commit eb0fac0
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863).
- scsi: qla2xxx: Fix bsg_done() causing double free
(bsc#1256863).
- scsi: qla2xxx: Query FW again before proceeding with login
(bsc#1256863).
- scsi: qla2xxx: Validate sp before freeing associated memory
(bsc#1256863).
- scsi: qla2xxx: Free sp in error path to fix system crash
(bsc#1256863).
- scsi: qla2xxx: Delay module unload while fabric scan in progress
(bsc#1256863).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863).
- scsi: qla2xxx: Add bsg interface to support firmware img
validation (bsc#1256863).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h
(bsc#1256863).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx
(bsc#1256863).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863).
- scsi: qla2xxx: Add Speed in SFP print information
(bsc#1256863).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get()
(bsc#1256861).
- commit da9bd89
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839).
- commit 95251dd
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544).
- commit fea667d
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit 238038b
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit b6c7c30
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate
session upon receiving the second rts (git-fixes).
- can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher
than 1 MBit (git-fixes).
- can: etas_es58x: allow partial RX URB allocation to succeed
(git-fixes).
- commit 6e93ffe
- ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727 bsc#1255568)
- commit 97681c7
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit fdc5baf
- interconnect: Don't access req_list while it's being manipulated
(CVE-2023-54013 bsc#1256280).
- commit 397aee1
- interconnect: Fix locking for runpm vs reclaim (CVE-2023-54013
bsc#1256280).
- commit bacbc82
- cpuset: fix warning when disabling remote partition
(bsc#1256794).
- commit 760a28c
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit 7a5edbb
- mptcp: Fix proto fallback detection with BPF (CVE-2025-68227
bsc#1255216).
- commit 557d74c
- sysfs: check visibility before changing group attribute
ownership (CVE-2025-40355 bsc#1255261).
- commit 7b1e9ed
- x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171
bsc#1255255).
- commit 265a09f
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- commit 87d4295
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl()
(git-fixes).
- nvmet-auth: update sc_c in target host hash calculation
(git-fixes).
- nvmet-auth: update sc_c in host response (git-fixes).
- commit 1ece4fd
- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (bsc#1255134 CVE-2025-68230)
- commit 19b936b
- net: atlantic: fix fragment overflow handling in RX path
(CVE-2025-68301 bsc#1255120).
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264
bsc#1254835).
- net: openvswitch: remove never-working support for setting
nsh fields (CVE-2025-40254 bsc#1254852).
- net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238
bsc#1254871).
- net/mlx5e: RX, Fix generating skb from non-linear xdp_buff
for striding RQ (CVE-2025-40350 bsc#1255260).
- commit 07231fa
- drm/sysfb: Do not dereference NULL pointer in plane reset (bsc#1255095 CVE-2025-40360)
- commit adae9ca
- amd/amdkfd: enhance kfd process check in switch partition
(CVE-2025-68174 bsc#1255327).
- commit 9e3bffb
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (CVE-2025-68190 bsc#1255131).
- commit a195e39
- selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when
transport_header is not set (CVE-2025-68363 bsc#1255552).
- commit 742de98
- bpf: Check skb->transport_header is set in bpf_skb_check_mtu
(CVE-2025-68363 bsc#1255552).
- commit f6cdd52
- drm/amdgpu: remove two invalid BUG_ON()s (CVE-2025-68201 bsc#1255136)
- commit 9a27d5e
- Refresh
patches.suse/cifs-after-disabling-multichannel-mark-tcon-for-reconnect.patch.
- Refresh
patches.suse/cifs-avoid-redundant-calls-to-disable-multichannel.patch.
- Refresh
patches.suse/cifs-cifs_pick_channel-should-try-selecting-active-channels.patch.
- Refresh
patches.suse/cifs-deal-with-the-channel-loading-lag-while-picking-channels.patch.
- Refresh
patches.suse/cifs-dns-resolution-is-needed-only-for-primary-channel.patch.
- Refresh
patches.suse/cifs-do-not-search-for-channel-if-server-is-terminating.patch.
- Refresh
patches.suse/cifs-fix-a-pending-undercount-of-srv_count.patch.
- Refresh
patches.suse/cifs-fix-lock-ordering-while-disabling-multichannel.patch.
- Refresh
patches.suse/cifs-fix-stray-unlock-in-cifs_chan_skip_or_disable.patch.
- Refresh
patches.suse/cifs-fix-use-after-free-for-iface-while-disabling-secondary-channel.patch.
- Refresh
patches.suse/cifs-handle-when-server-stops-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-reconnect-worker-should-take-reference-on-server-struct-uncond.patch.
- Refresh
patches.suse/cifs-reset-connections-for-all-channels-when-reconnect-requested.patch.
- Refresh
patches.suse/cifs-reset-iface-weights-when-we-cannot-find-a-candidate.patch.
- Refresh
patches.suse/smb-client-fix-cifs_pick_channel-when-channel-needs-reconnect.patch.
- Refresh
patches.suse/smb-client-introduce-close_cached_dir_locked-.patch.
- Refresh
patches.suse/smb3-add-missing-null-server-pointer-check.patch.
- commit 966613b
- cifs: fix use after free for iface while disabling secondary
channels (git-fixes).
- commit dfe1d44
- cifs: reconnect worker should take reference on server struct
unconditionally (git-fixes).
- Refresh
patches.suse/cifs-handle-servers-that-still-advertise-multichannel-after-disabli.patch.
- Refresh
patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- commit a6f7e74
- Refresh
patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- commit f14b40c
- cifs: avoid redundant calls to disable multichannel (git-fixes).
- smb3: add missing null server pointer check (git-fixes).
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh
patches.suse/cifs-serialize-other-channels-when-query-server-interfaces-is-pendi.patch.
- commit 6f71d7c
- cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes).
- commit 9d297d5
- cifs: do not search for channel if server is terminating
(git-fixes).
- commit 1796cf0
- cifs: handle servers that still advertise multichannel after
disabling (git-fixes).
- cifs: serialize other channels when query server interfaces
is pending (git-fixes).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh
patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- Refresh
patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- Refresh
patches.suse/smb3-fix-for-slab-out-of-bounds-on-mount-to-ksmbd.patch.
- commit e76704e
- smb: client: fix cifs_pick_channel when channel needs reconnect
(git-fixes).
- commit 59edbd9
- cifs: cifs_pick_channel should try selecting active channels
(git-fixes).
- commit 3f9ba92
- sqlite3
-
- Sync version 3.51.2 from Factory:
* CVE-2025-7709, bsc#1254670: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- mdadm
-
- Update to version 4.4+31.g541b40d3:
* fix crash with homehost=none (bsc#1254541)
- Update to version 4.4+30.g9a59bf51:
* mdcheck: work around bash 5.3 bug (bsc#1254087)
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- suse-module-tools
-
- Update to version 15.7.10:
* udev rules: write block queue attributes only if necessary
(bsc#1254928)
- Update to version 15.7.9:
* 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents
(bsc#1254264)
* udev: use systemd service to remount tmpfs (bsc#1253679)
- xen
-
- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
with shadow paging + tracing (XSA-477)
6978b5a5-x86-shadow-dont-overrun-trace_emul_write_val.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
for vCPU isolation (XSA-479)
6978b5bf-x86-spec-ctrl-incomplete-IBPB-at-cswitch.patch
- Upstream bug fixes (bsc#1027519)
691b3550-x86-ucode-add-rows-to-entrysign-table.patch
69247713-x86-ucode-error-handling-parallel.patch
6926be59-x86-vMSI-X-refcount.patch
6926e01d-x86-vHPET-IRQ-route-sanitization.patch
692896dc-x86-AMD-Zenbleed-mitigation-static.patch
692dc059-x86-AMD-DE_CFG-editing.patch
693a85c2-x86-PoD-decrease_reservation-clearing-M2P.patch
693a85d6-x86-update-log-dirty-bitmap-when-.patch
695f816a-x86-HVM-more-strict-XENMAPSPACE_gmfn-source-types.patch
6964e408-x86-retval-of-has_if_pschange_mc.patch
6978c4b0-x86-AMD-fold-another-DE_CFG-edit.patch
- Dropped in favor of upstream patch
xsa477.patch
xsa479.patch