- bind
-
- Upgrade to release 9.20.18
Security Fixes:
* Fix incorrect length checks for BRID and HHIT records.
(CVE-2025-13878)
[bsc#1256997]
Feature Changes:
* Add more information to the rndc recursing output about
fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.
Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to
load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3
opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in
chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after
retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal
options.
* Prevent assertion failures of dig when a server is specified
before the -b option.
* Skip buffer allocations if not logging.
- curl
-
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- Security fixes:
* [bsc#1255731, CVE-2025-14524] if redirected, require permission to use bearer
* [bsc#1255734, CVE-2025-15224] require private key or user-agent for public key auth
* [bsc#1255732, CVE-2025-14819] toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache
* [bsc#1255733, CVE-2025-15079] set both knownhosts options to the same file
* Add patches:
- curl-CVE-2025-14524.patch
- curl-CVE-2025-15224.patch
- curl-CVE-2025-14819.patch
- curl-CVE-2025-15079.patch
- lvm2
-
- L3: systemd fails to start lvmlockd with sanlock running (bsc#1246691)
* Add upstream patches for sd_notify configure option
+ bug-1246691_01-configure.ac-build-lvmlockd-with-notify.patch
+ bug-1246691_02-configure-autoreconf.patch
+ bug-1246691_03-configure.ac-add-option-disable-enable-sd-notify.patch
+ bug-1246691_04-lvmlockd-utilize-SD_NOTIFY_SUPPORT.patch
+ bug-1246691_05-configure-autoreconf.patch
* Update lvm2.spec
+ add pkgconfig(systemd) for lvmlockd build
+ enable configure option '--enable-sd-notify' for lvmlockd
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- Add CVE fixes:
+ glib2-CVE-2025-13601-1.patch, glib2-CVE-2025-13601-2.patch
(bsc#1254297 CVE-2025-13601 glgo#GNOME/glib#3827).
+ glib2-CVE-2025-14087-1.patch, glib2-CVE-2025-14087-2.patch,
glib2-CVE-2025-14087-3.patch (bsc#1254662 CVE-2025-14087
glgo#GNOME/glib#3834).
+ glib2-CVE-2025-14512.patch (bsc#1254878 CVE-2025-14512
glgo#GNOME/glib#3845).
- glibc
-
- memalign-overflow-check.patch: memalign: reinstate alignment overflow
check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache
contention workloads (bsc#1256437, BZ #33704)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- gpg2
-
- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
* gpg: Fix possible memory corruption in the armor parser [T7906]
* Add gnupg-CVE-2025-68973.patch
- Security fix: [bsc#1256246] (gpg.fail/sha1)
* gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904]
* Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch
- Security fix: [bsc#1256244] (gpg.fail/detached)
* gpg: Error out on unverified output for non-detached signatures [T7903]
* Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
- Security fix: [bsc#1256243]
* gpg2 agent: Fix a memory leak
* Add patch gnupg-agent-memleak.patch
- Security fix: [bsc#1256390] (gpg.fail/notdash)
* gpg2: Cleartext Signature Forgery in the NotDashEscaped header
implementation in GnuPG
* Add patch gnupg-notdash-escape.patch
- kernel-default
-
- ext4: use optimized mballoc scanning regardless of inode format
(bsc#1254378).
- commit aa95fec
- mlx5: Fix default values in create CQ (CVE-2025-68209
bsc#1255230).
- commit e7dee05
- x86/microcode/AMD: Select which microcode patch to load
(bsc#1256528).
- Refresh
patches.suse/x86-microcode-AMD-Handle-the-case-of-no-BIOS-microcode.patch.
- commit 3b809fe
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix
Halo (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
(bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking
(bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known
generations (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples
(bsc#1256528).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final
(bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load
microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block
loading of any unreleased standalone Zen5 microcode patches
(bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
(bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check
(bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches
(bsc#1256528).
- commit ed14359
- bpf: Fix invalid prog->stats access when update_effective_progs
fails (CVE-2025-68742 bsc#1255707).
- commit 53d4b3c
- bpf: Improve program stats run-time calculation (CVE-2025-68742
bsc#1255707).
- commit 4ed738f
- mlx5: Fix default values in create CQ (CVE-2025-68209
bsc#1255230).
- commit dce9b13
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 46a797f
- bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242)
- commit 85b99e2
- tracing: Fix access to trace_event_file (bsc#1254373).
- commit 768b257
- Move out-of-tree patches into the right section
- commit 314797b
- drm/sched: Fix race in drm_sched_entity_select_rq() (git-fixes).
- commit d597802
- virtio_console: fix order of fields cols and rows
(stable-fixes).
- commit 0d412d7
- drm/amdgpu: Forward VMID reservation errors (git-fixes).
- commit a7344a2
- pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling
(stable-fixes).
- Refresh
patches.suse/pinctrl-single-fix-bias-pull-up-down-handling-in-pin.patch.
- commit bc41b99
- usb: ohci-nxp: fix device leak on probe failure (git-fixes).
- usb: usb-storage: Maintain minimal modifications to the
bcdDevice range (git-fixes).
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042
quirk table (stable-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
(stable-fixes).
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure() (git-fixes).
- i2c: designware: Disable SMBus interrupts to prevent storms
from mis-configured firmware (stable-fixes).
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to
VGBS DMI quirks (stable-fixes).
- pinctrl: single: Fix incorrect type for error return variable
(git-fixes).
- i3c: fix refcount inconsistency in i3c_master_register
(git-fixes).
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE
parsing (stable-fixes).
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie()
parser (stable-fixes).
- USB: serial: option: move Telit 0x10c7 composition in the
right place (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 new
compositions (stable-fixes).
- USB: serial: option: add Foxconn T99W760 (stable-fixes).
- USB: serial: ftdi_sio: match on interface number for jtag
(stable-fixes).
- usb: usb-storage: No additional quirks need to be added to
the EL-R12 optical drive (stable-fixes).
- usb: dwc2: fix hang during shutdown if set as peripheral
(git-fixes).
- usb: xhci: limit run_graceperiod for only usb 3.0 devices
(stable-fixes).
- usb: typec: ucsi: Handle incorrect num_connectors capability
(stable-fixes).
- usbip: Fix locking bug in RT-enabled kernels (stable-fixes).
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
(stable-fixes).
- serial: add support of CPCI cards (stable-fixes).
- char: applicom: fix NULL pointer dereference in ac_ioctl
(stable-fixes).
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for
gcc complains (stable-fixes).
- fbdev: gbefb: fix to use physical address instead of dma address
(stable-fixes).
- via_wdt: fix critical boot hang due to unnamed resource
allocation (stable-fixes).
- ipmi: Fix __scan_channels() failing to rescan channels
(stable-fixes).
- ipmi: Fix the race between __scan_channels() and
deliver_response() (stable-fixes).
- reset: fix BIT macro reference (stable-fixes).
- firmware: imx: scu-irq: Init workqueue before request mbox
channel (stable-fixes).
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
(stable-fixes).
- mmc: sdhci-msm: Avoid early clock doubling during HS400
transition (stable-fixes).
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation
of appl_ptr (git-fixes).
- media: amphion: Remove vpu_vb_is_codecconfig (git-fixes).
- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
(stable-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840
tablet (stable-fixes).
- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1
(stable-fixes).
- ACPI: property: Use ACPI functions in
acpi_graph_get_next_endpoint() only (stable-fixes).
- ACPICA: Avoid walking the Namespace if start_node is NULL
(stable-fixes).
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration
(stable-fixes).
- platform/x86: acer-wmi: Ignore backlight event (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
(stable-fixes).
- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally
(stable-fixes).
- platform/x86: huawei-wmi: add keys for HONOR models
(stable-fixes).
- HID: elecom: Add support for ELECOM M-XT3URBK (018F)
(stable-fixes).
- HID: hid-input: Extend Elan ignore battery quirk to USB
(stable-fixes).
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk
list (stable-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- spi: xilinx: increase number of retries before declaring stall
(stable-fixes).
- spi: imx: keep dma request disabled before dma transfer setup
(stable-fixes).
- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series
(stable-fixes).
- Bluetooth: btrtl: Avoid loading the config file on security
chips (stable-fixes).
- media: amphion: Make some vpu_v4l2 functions static
(stable-fixes).
- usb: dwc2: disable platform lowlevel hw resources during
shutdown (stable-fixes).
- media: amphion: Add a frame flush mode for decoder
(stable-fixes).
- usb: ohci-nxp: Use helper function devm_clk_get_enabled()
(stable-fixes).
- drm/tilcdc: request and mapp iomem with devres (stable-fixes).
- media: verisilicon: g2: Use common helpers to compute chroma
and mv offsets (stable-fixes).
- media: verisilicon: Store chroma and motion vectors offset
(stable-fixes).
- i3c: master: Inherit DMA masks and parameters from parent device
(stable-fixes).
- commit bc3be49
- supported.conf: mark ksmbd unsupported
Based on discussion with Enzo Matsumiya it has tuned out that ksmbd
module is unsupported but the supported.conf entry is incorrect. Fix
that.
- commit c800e3f
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in
EEH event handling (bsc#1253262 ltc#216029).
- commit daa4104
- Update
patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch
(git-fixes CVE-2025-40294 bsc#1255181).
- Update
patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch
(git-fixes CVE-2025-40213 bsc#1253674).
- Update
patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch
(git-fixes CVE-2025-68298 bsc#1255124).
- Update
patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch
(git-fixes CVE-2025-68306 bsc#1255145).
- Update
patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch
(git-fixes CVE-2025-68749 bsc#1255724).
- Update
patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch
(stable-fixes CVE-2025-40354 bsc#1255316).
- Update
patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch
(stable-fixes CVE-2025-68190 bsc#1255131).
- Update
patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch
(stable-fixes CVE-2025-68230 bsc#1255134).
- Update
patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch
(stable-fixes CVE-2025-40339 bsc#1255428).
- Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch
(stable-fixes CVE-2025-68201 bsc#1255136).
- Update
patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch
(bsc#1243112 CVE-2025-40332 bsc#1255116).
- Update
patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch
(git-fixes CVE-2025-68184 bsc#1255220).
- Update
patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch
(git-fixes CVE-2025-68747 bsc#1255723).
- Update
patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch
(git-fixes CVE-2025-40225 bsc#1254827).
- Update
patches.suse/drm-panthor-Flush-shmem-writes-before-mapping-buffer.patch
(git-fixes CVE-2025-40276 bsc#1254824).
- Update
patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch
(git-fixes CVE-2025-68170 bsc#1255256).
- Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch
(git-fixes CVE-2025-68181 bsc#1255247).
- Update
patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch
(stable-fixes CVE-2025-68223 bsc#1255357).
- Update
patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch
(git-fixes CVE-2025-40360 bsc#1255095).
- Update
patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch
(stable-fixes CVE-2025-40340 bsc#1254996).
- Update
patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch
(git-fixes CVE-2025-68207 bsc#1255234).
- Update
patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch
(git-fixes CVE-2025-40302 bsc#1255196).
- Update
patches.suse/perf-x86-intel-Fix-KASAN-global-out-of-bounds-warning.patch
(git-fixes CVE-2025-40359 bsc#1255087).
- Update
patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch
(git-fixes CVE-2025-68195 bsc#1255259).
- commit 946dbf2
- Update
patches.suse/1260-drm-amdkfd-Add-missing-gfx11-MQD-manager-callbacks.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54261
bsc#1255879).
- Update
patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch
(git-fixes CVE-2025-40211 bsc#1254126).
- Update
patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch
(git-fixes CVE-2025-68346 bsc#1255603).
- Update
patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch
(git-fixes CVE-2025-68753 bsc#1256238).
- Update
patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch
(git-fixes CVE-2025-68347 bsc#1255706).
- Update
patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch
(git-fixes CVE-2025-68345 bsc#1255601).
- Update
patches.suse/ALSA-pcm-Fix-potential-data-race-at-PCM-memory-.patch
(bsc#1012628 CVE-2023-54072 bsc#1256291).
- Update
patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch
(git-fixes CVE-2025-40275 bsc#1254829).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-memory-leaks-at-error-p.patch
(jsc#PED-6045 jsc#PED-6036 jsc#PED-6104 jsc#PED-6114
jsc#PED-6067 jsc#PED-6123 CVE-2023-54022 bsc#1255545).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch
(stable-fixes CVE-2025-40269 bsc#1255035).
- Update
patches.suse/ASoC-codecs-wcd-mbhc-v2-fix-resource-leaks-on-c.patch
(bsc#1012628 CVE-2023-53842 bsc#1254690).
- Update
patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch
(git-fixes CVE-2025-40282 bsc#1254850).
- Update
patches.suse/Bluetooth-ISO-fix-iso_conn-related-locking-and-.patch
(bsc#1012628 CVE-2023-54164 bsc#1256071).
- Update
patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch
(git-fixes CVE-2025-40284 bsc#1254860).
- Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch
(stable-fixes CVE-2025-40309 bsc#1255065).
- Update
patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch
(stable-fixes CVE-2025-40308 bsc#1255064).
- Update
patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch
(git-fixes CVE-2025-40283 bsc#1254858).
- Update
patches.suse/Bluetooth-hci_conn-return-ERR_PTR-instead-of-NU.patch
(bsc#1012628 CVE-2023-54038 bsc#1255540).
- Update
patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch
(git-fixes CVE-2025-40301 bsc#1255193).
- Update
patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch
(git-fixes CVE-2025-68305 bsc#1255169).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-.patch
(bsc#1012628 CVE-2023-54210 bsc#1255955).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-for-h.patch
(git-fixes CVE-2023-53828 bsc#1254623).
- Update
patches.suse/Bluetooth-hci_sync-Fix-UAF-in-hci_disconnect_all_syn.patch
(git-fixes CVE-2023-53762 bsc#1254606).
- Update
patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch
(git-fixes CVE-2025-40318 bsc#1254798).
- Update
patches.suse/FS-JFS-Check-for-read-only-mounted-filesystem-i.patch
(bsc#1012628 CVE-2023-53766 bsc#1255005).
- Update
patches.suse/HID-hidraw-fix-data-race-on-device-refcount.patch
(bsc#1012628 CVE-2023-53759 bsc#1254663).
- Update
patches.suse/HID-uclogic-Correct-devm-device-reference-for-hidinp.patch
(git-fixes CVE-2023-54207 bsc#1255961).
- Update
patches.suse/HID-wacom-Use-ktime_t-rather-than-int-when-deal.patch
(bsc#1012628 CVE-2023-53797 bsc#1254733).
- Update
patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch
(stable-fixes CVE-2025-40263 bsc#1255077).
- Update
patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch
(git-fixes CVE-2025-40262 bsc#1254840).
- Update
patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch
(git-fixes CVE-2025-68217 bsc#1255221).
- Update
patches.suse/KVM-SVM-Get-source-vCPUs-from-source-VM-for-SEV-ES-i.patch
(git-fixes CVE-2023-54296 bsc#1255793).
- Update
patches.suse/KVM-s390-pv-fix-index-value-of-replaced-ASCE.patch
(bsc#1012628 CVE-2023-54092 bsc#1256370).
- Update patches.suse/MIPS-KVM-Fix-NULL-pointer-dereference.patch
(bsc#1012628 CVE-2023-54241 bsc#1255838).
- Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch
(git-fixes CVE-2025-40324 bsc#1254791).
- Update
patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch
(git-fixes CVE-2025-40273 bsc#1254828).
- Update patches.suse/PCI-DOE-Fix-destroy_work_on_stack-race.patch
(git-fixes CVE-2023-54235 bsc#1255921).
- Update
patches.suse/PCI-Free-released-resource-after-coalescing.patch
(git-fixes CVE-2023-53743 bsc#1254782).
- Update
patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch
(git-fixes CVE-2025-40219 bsc#1254518).
- Update
patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch
(stable-fixes CVE-2025-68176 bsc#1255329).
- Update
patches.suse/RDMA-bnxt_re-Prevent-handling-any-completions-a.patch
(bsc#1012628 CVE-2023-54048 bsc#1256395).
- Update
patches.suse/RDMA-efa-Fix-wrong-resources-deallocation-order.patch
(git-fixes CVE-2023-54201 bsc#1255964).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-completion-stat.patch
(bsc#1012628 CVE-2023-54302 bsc#1255792).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-request-done.patch
(bsc#1012628 CVE-2023-54292 bsc#1255800).
- Update
patches.suse/Revert-IB-isert-Fix-incorrect-release-of-isert-conne.patch
(git-fixes CVE-2023-54219 bsc#1256231).
- Update
patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch
(stable-fixes CVE-2025-40311 bsc#1255068).
- Update
patches.suse/accel-qaic-Clean-up-integer-overflow-checking-.patch
(bsc#1012628 CVE-2023-53778 bsc#1254761).
- Update
patches.suse/af_unix-Fix-data-race-around-unix_tot_inflight.patch
(git-fixes CVE-2023-54006 bsc#1255591).
- Update patches.suse/amba-bus-fix-refcount-leak.patch (git-fixes
CVE-2023-54230 bsc#1255925).
- Update
patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch
(stable-fixes CVE-2025-40310 bsc#1255041).
- Update
patches.suse/amdgpu-validate-offset_in_bo-of-drm_amdgpu_gem_.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53819
bsc#1254712).
- Update patches.suse/arm64-mm-fix-VA-range-sanity-check.patch
(bsc#1012628 CVE-2023-53989 bsc#1256302).
- Update
patches.suse/arm64-set-__exception_irq_entry-with-__irq_entr.patch
(bsc#1012628 CVE-2023-54322 bsc#1255763).
- Update
patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch
(git-fixes CVE-2025-68339 bsc#1255505).
- Update
patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch
(git-fixes CVE-2023-54045 bsc#1256285).
- Update
patches.suse/autofs-fix-memory-leak-of-waitqueues-in-autofs_catat.patch
(git-fixes CVE-2023-54134 bsc#1256106).
- Update
patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch
(git-fixes CVE-2025-68758 bsc#1255944).
- Update
patches.suse/bcache-fixup-btree_cache_wait-list-damage.patch
(bsc#1012628 CVE-2023-54293 bsc#1255801).
- Update patches.suse/binder-fix-memory-leak-in-binder_init.patch
(bsc#1012628 CVE-2023-54005 bsc#1255629).
- Update
patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch
(bsc#1216062 CVE-2023-54271 bsc#1255902).
- Update
patches.suse/blk-cgroup-hold-queue_lock-when-removing-blkg-.patch
(bsc#1012628 CVE-2023-54088 bsc#1256263).
- Update
patches.suse/blk-mq-fix-tags-leak-when-shrink-nr_hw_queues.patch
(bsc#1216436 CVE-2023-54227 bsc#1255952).
- Update
patches.suse/block-fix-blktrace-debugfs-entries-leakage.patch
(bsc#1012628 CVE-2023-54209 bsc#1255963).
- Update
patches.suse/block-rq_qos-protect-rq_qos-apis-with-a-new-loc.patch
(bsc#1012628 CVE-2023-53823 bsc#1254691).
- Update
patches.suse/bpf-Address-KCSAN-report-on-bpf_lru_list.patch
(bsc#1012628 CVE-2023-54283 bsc#1255809).
- Update
patches.suse/bpf-Disable-preemption-in-bpf_event_output.patch
(bsc#1012628 CVE-2023-54173 bsc#1255996).
- Update
patches.suse/bpf-Disable-preemption-in-bpf_perf_event_outpu.patch
(bsc#1012628 CVE-2023-54303 bsc#1255785).
- Update
patches.suse/bpf-Fix-issue-in-verifying-allow_ptr_leaks.patch
(jsc#PED-6811 CVE-2023-54181 bsc#1255988).
- Update
patches.suse/bpf-Silence-a-warning-in-btf_type_id_size.patch
(bsc#1012628 CVE-2023-54247 bsc#1255892).
- Update
patches.suse/bpf-bpf_sk_storage-Fix-invalid-wait-context-lockdep-.patch
(jsc#PED-6811 CVE-2023-53857 bsc#1254648).
- Update
patches.suse/bpf-drop-unnecessary-user-triggerable-WARN_ONCE.patch
(bsc#1012628 CVE-2023-54145 bsc#1256090).
- Update
patches.suse/bpf-sockmap-Fix-skb-refcnt-race-after-locking-change.patch
(jsc#PED-6811 CVE-2023-53836 bsc#1254693).
- Update
patches.suse/btrfs-fix-incorrect-splitting-in-btrfs_drop_ex.patch
(bsc#1012628 CVE-2023-54121 bsc#1256267).
- Update
patches.suse/btrfs-fix-lockdep-splat-and-potential-deadlock-after.patch
(git-fixes CVE-2023-54224 bsc#1255951).
- Update
patches.suse/btrfs-fix-race-between-balance-and-cancel-pause.patch
(bsc#1012628 CVE-2023-54023 bsc#1256301).
- Update
patches.suse/btrfs-fix-race-when-deleting-free-space-root-fr.patch
(bsc#1012628 CVE-2023-54067 bsc#1256369).
- Update
patches.suse/btrfs-fix-race-when-deleting-quota-root-from-th.patch
(bsc#1012628 CVE-2023-54032 bsc#1255617).
- Update
patches.suse/btrfs-fix-warning-when-putting-transaction-with.patch
(bsc#1012628 CVE-2023-53865 bsc#1254762).
- Update
patches.suse/btrfs-release-path-before-inode-lookup-during-the-in.patch
(git-fixes CVE-2023-54281 bsc#1255820).
- Update
patches.suse/btrfs-remove-BUG_ON-s-in-add_new_free_space.patch
(bsc#1012628 CVE-2023-54185 bsc#1255984).
- Update
patches.suse/btrfs-set-page-extent-mapped-after-read_folio-in-rel.patch
(git-fixes CVE-2023-54253 bsc#1255891).
- Update
patches.suse/btrfs-zoned-fix-memory-leak-after-finding-block.patch
(bsc#1012628 CVE-2023-54297 bsc#1255795).
- Update
patches.suse/btrfs-zoned-skip-splitting-and-logical-rewriting-on-.patch
(bsc#1223731 CVE-2024-26944 CVE-2023-54080 bsc#1256367).
- Update
patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch
(git-fixes CVE-2025-68307 bsc#1255146).
- Update
patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch
(git-fixes CVE-2025-68308 bsc#1255149).
- Update
patches.suse/cifs-fix-potential-oops-in-cifs_oplock_break.patch
(bsc#1012628 CVE-2023-54258 bsc#1255886).
- Update
patches.suse/cifs-fix-session-state-check-in-reconnect-to-a.patch
(bsc#1012628 CVE-2023-53794 bsc#1255163).
- Update
patches.suse/clk-clocking-wizard-Fix-Oops-in-clk_wzrd_regist.patch
(bsc#1012628 CVE-2023-53807 bsc#1254724).
- Update
patches.suse/clk-imx93-fix-memory-leak-and-missing-unwind-go.patch
(bsc#1012628 CVE-2023-54221 bsc#1255842).
- Update
patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch
(git-fixes CVE-2025-68332 bsc#1255483).
- Update
patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch
(git-fixes CVE-2025-68257 bsc#1255167).
- Update
patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch
(git-fixes CVE-2025-68258 bsc#1255182).
- Update
patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch
(git-fixes CVE-2025-68335 bsc#1255480).
- Update
patches.suse/crypto-api-Use-work-queue-in-crypto_destroy_instance.patch
(git-fixes CVE-2023-53799 bsc#1254732).
- Update
patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch
(git-fixes CVE-2025-68172 bsc#1255253).
- Update
patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch
(git-fixes CVE-2025-68724 bsc#1255550).
- Update
patches.suse/dccp-Fix-out-of-bounds-access-in-DCCP-error-handler.patch
(bsc#1220419 CVE-2023-53782 bsc#1254758).
- Update
patches.suse/dccp-fix-data-race-around-dp-dccps_mss_cache.patch
(bsc#1012628 CVE-2023-53839 bsc#1254655).
- Update
patches.suse/devlink-report-devlink_port_type_warn-source-de.patch
(bsc#1012628 CVE-2023-53841 bsc#1255009).
- Update
patches.suse/dm-don-t-attempt-to-queue-IO-under-RCU-protection-a9ce.patch
(jsc#PED-7514 CVE-2023-53860 bsc#1254626).
- Update
patches.suse/dm-fix-a-race-condition-in-retrieve_deps-f600.patch
(jsc#PED-7514 CVE-2023-54324 bsc#1255759).
- Update
patches.suse/driver-soc-xilinx-use-_safe-loop-iterator-to-av.patch
(bsc#1012628 CVE-2023-54101 bsc#1256153).
- Update
patches.suse/drm-amd-display-Check-NULL-before-accessing.patch
(stable-fixes CVE-2025-68286 bsc#1255351).
- Update
patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch
(git-fixes CVE-2025-68180 bsc#1255252).
- Update
patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch
(stable-fixes CVE-2025-40288 bsc#1255057).
- Update
patches.suse/drm-bridge-dw_hdmi-fix-connector-access-for-scd.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53784
bsc#1254765).
- Update
patches.suse/drm-client-Fix-memory-leak-in-drm_client_target.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54091
bsc#1256274).
- Update
patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch
(git-fixes CVE-2025-68244 bsc#1255190).
- Update
patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch
(git-fixes CVE-2025-40316 bsc#1254797).
- Update
patches.suse/drm-msm-dp-Drop-aux-devices-together-with-DP-co.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53851
bsc#1254695).
- Update
patches.suse/drm-mxsfb-Disable-overlay-plane-in-mxsfb_plane_overl.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53864
bsc#1254754).
- Update
patches.suse/drm-nouveau-kms-nv50-init-hpd_irq_lock-for-PIOR.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54263
bsc#1255883).
- Update
patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch
(git-fixes CVE-2025-40329 bsc#1254621).
- Update patches.suse/drm-tegra-Add-call-to-put_pid.patch
(git-fixes CVE-2025-68233 bsc#1255206).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-eviction-error.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54254
bsc#1255890).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-swapout-move-e.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53844
bsc#1254649).
- Update
patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch
(git-fixes CVE-2025-68757 bsc#1255943).
- Update
patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch
(git-fixes CVE-2025-40277 bsc#1254894).
- Update
patches.suse/erofs-kill-hooked-chains-to-avoid-loops-on-dedu.patch
(bsc#1012628 CVE-2023-53777 bsc#1254749).
- Update
patches.suse/exfat-use-kvmalloc_array-kvfree-instead-of-kma.patch
(bsc#1012628 CVE-2023-54194 bsc#1255974).
- Update
patches.suse/ext4-correct-grp-validation-in-ext4_mb_good_group.patch
(bsc#1234163 CVE-2023-53861 bsc#1254678).
- Update
patches.suse/ext4-fix-BUG-in-ext4_mb_new_inode_pa-due-to-overflow.patch
(bsc#1219165 CVE-2023-54069 bsc#1256371).
- Update
patches.suse/ext4-fix-rbtree-traversal-bug-in-ext4_mb_use_pr.patch
(bsc#1012628 CVE-2023-53813 bsc#1254717).
- Update
patches.suse/ext4-turn-quotas-off-if-mount-failed-after-enab.patch
(bsc#1012628 CVE-2023-54153 bsc#1256081).
- Update
patches.suse/f2fs-fix-to-do-sanity-check-on-direct-node-in-.patch
(bsc#1012628 CVE-2023-53846 bsc#1254983).
- Update
patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch
(stable-fixes CVE-2025-40323 bsc#1255094).
- Update
patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch
(stable-fixes CVE-2025-40304 bsc#1255034).
- Update
patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch
(stable-fixes CVE-2025-40322 bsc#1255092).
- Update
patches.suse/firmware-meson_sm-fix-to-avoid-potential-NULL-pointe.patch
(git-fixes CVE-2023-54304 bsc#1255786).
- Update
patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch
(git-fixes CVE-2025-68328 bsc#1255489).
- Update
patches.suse/fs-Protect-reconfiguration-of-sb-read-write-fr.patch
(bsc#1012628 CVE-2023-54099 bsc#1256197).
- Update
patches.suse/fs-jfs-prevent-double-free-in-dbUnmount-after-failed-jfs_remount.patch
(git-fixes CVE-2023-54127 bsc#1256119).
- Update
patches.suse/fs-ntfs3-Return-error-for-inconsistent-extende.patch
(bsc#1012628 CVE-2023-54125 bsc#1256117).
- Update
patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-b.patch
(bsc#1012628 CVE-2023-54264 bsc#1255872).
- Update
patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch
(git-fixes CVE-2025-68732 bsc#1255688).
- Update
patches.suse/gtp-Fix-use-after-free-in-__gtp_encap_destroy.patch
(bsc#1012628 CVE-2023-54142 bsc#1256095).
- Update
patches.suse/hfs-validate-record-offset-in-hfsplus_bmap_alloc.patch
(git-fixes CVE-2025-40349 bsc#1255280).
- Update
patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-__hfsplus_ext_cache_extent.patch
(git-fixes CVE-2025-40244 bsc#1255033).
- Update
patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-hfsplus_delete_cat.patch
(git-fixes CVE-2025-40351 bsc#1255281).
- Update
patches.suse/hwrng-virtio-Fix-race-on-data_avail-and-actual-.patch
(bsc#1012628 CVE-2023-53998 bsc#1255578).
- Update
patches.suse/iavf-use-internal-state-to-free-traffic-IRQs.patch
(bsc#1012628 CVE-2023-53850 bsc#1254677).
- Update
patches.suse/ice-prevent-NULL-pointer-deref-during-reload.patch
(bsc#1012628 CVE-2023-54037 bsc#1255557).
- Update
patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch
(jsc#PED-4866 CVE-2023-54070 bsc#1256364).
- Update
patches.suse/igc-Fix-Kernel-Panic-during-ndo_tx_timeout-call.patch
(bsc#1012628 CVE-2023-54166 bsc#1256074).
- Update
patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch
(stable-fixes CVE-2025-68330 bsc#1255493).
- Update
patches.suse/iio-adc-ina2xx-avoid-NULL-pointer-dereference-.patch
(bsc#1012628 CVE-2023-53834 bsc#1254660).
- Update
patches.suse/iio-core-Prevent-invalid-memory-access-when-th.patch
(bsc#1012628 CVE-2023-54027 bsc#1255579).
- Update
patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch
(git-fixes CVE-2025-68740 bsc#1255812).
- Update
patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch
(stable-fixes CVE-2025-68183 bsc#1255251).
- Update
patches.suse/io_uring-net-don-t-overflow-multishot-recv.patch
(bsc#1215211 CVE-2023-54030 bsc#1255691).
- Update
patches.suse/iomap-Fix-possible-overflow-condition-in-iomap_write_delalloc_scan.patch
(jsc#PED-5453 CVE-2023-54285 bsc#1255807).
- Update
patches.suse/iommufd-IOMMUFD_DESTROY-should-not-increase-the.patch
(bsc#1012628 CVE-2023-53795 bsc#1254737).
- Update
patches.suse/iommufd-Set-end-correctly-when-doing-batch-carr.patch
(bsc#1012628 CVE-2023-54060 bsc#1256379).
- Update
patches.suse/ionic-remove-WARN_ON-to-prevent-panic_on_warn.patch
(bsc#1012628 CVE-2023-53994 bsc#1255570).
- Update
patches.suse/ip6_vti-fix-slab-use-after-free-in-decode_sess.patch
(bsc#1012628 CVE-2023-53821 bsc#1254669).
- Update
patches.suse/ipmi-ssif-Fix-a-memory-leak-when-scanning-for-an-ada.patch
(git-fixes CVE-2023-54064 bsc#1256375).
- Update
patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch
(git-fixes CVE-2025-68766 bsc#1255932).
- Update
patches.suse/isdn-mISDN-hfcsusb-fix-memory-leak-in-hfcsusb_probe.patch
(git-fixes CVE-2025-68734 bsc#1255538).
- Update
patches.suse/jfs-Verify-inode-mode-when-loading-from-disk.patch
(git-fixes CVE-2025-40312 bsc#1255046).
- Update
patches.suse/jfs-fix-uninitialized-waitqueue-in-transaction-manager.patch
(git-fixes CVE-2025-68168 bsc#1255100).
- Update
patches.suse/kcm-Fix-error-handling-for-SOCK_DGRAM-in-kcm_sendmsg.patch
(bsc#1220419 CVE-2023-53825 bsc#1254707).
- Update
patches.suse/kcm-Fix-memory-leak-in-error-path-of-kcm_sendmsg.patch
(bsc#1220419 CVE-2023-54112 bsc#1256354).
- Update
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s.patch
(bsc#1012628 CVE-2023-54170 bsc#1256045).
- Update
patches.suse/maple_tree-fix-potential-out-of-bounds-access-i.patch
(bsc#1012628 CVE-2023-54135 bsc#1256107).
- Update
patches.suse/md-fix-warning-for-holder-mismatch-from-export_rdev.patch
(git-fixes CVE-2023-53791 bsc#1254742).
- Update
patches.suse/md-raid5-cache-fix-a-deadlock-in-r5l_exit_log-a705.patch
(jsc#PED-7542 CVE-2023-53848 bsc#1254753).
- Update
patches.suse/media-af9005-Fix-null-ptr-deref-in-af9005_i2c_xfer.patch
(git-fixes CVE-2023-54314 bsc#1255776).
- Update
patches.suse/media-anysee-fix-null-ptr-deref-in-anysee_master_xfe.patch
(git-fixes CVE-2023-54093 bsc#1256273).
- Update
patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch
(git-fixes CVE-2023-54266 bsc#1255875).
- Update
patches.suse/media-dvb-usb-v2-gl861-Fix-null-ptr-deref-in-gl861_i.patch
(git-fixes CVE-2023-54066 bsc#1256373).
- Update
patches.suse/media-imon-make-send_packet-more-robust.patch
(stable-fixes CVE-2025-68194 bsc#1255325).
- Update
patches.suse/media-mediatek-vcodec-fix-resource-leaks-in-vdec_msg.patch
(git-fixes CVE-2023-54143 bsc#1256096).
- Update
patches.suse/media-tuners-qt1010-replace-BUG_ON-with-a-regular-er.patch
(git-fixes CVE-2023-54282 bsc#1255810).
- Update
patches.suse/media-v4l2-core-Fix-a-potential-resource-leak-in-v4l.patch
(git-fixes CVE-2023-54183 bsc#1255990).
- Update
patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch
(git-fixes CVE-2025-68252 bsc#1255197).
- Update
patches.suse/misc-pci_endpoint_test-Free-IRQs-before-removin.patch
(bsc#1012628 CVE-2023-54326 bsc#1255758).
- Update
patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch
(git-fixes CVE-2025-40272 bsc#1254832).
- Update
patches.suse/mmc-sunplus-fix-return-value-check-of-mmc_add_.patch
(bsc#1012628 CVE-2023-54204 bsc#1255967).
- Update
patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch
(git-fixes CVE-2025-40223 bsc#1254957).
- Update
patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch
(git-fixes CVE-2025-68290 bsc#1255154).
- Update
patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch
(git-fixes CVE-2025-68249 bsc#1255233).
- Update
patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch
(git-fixes CVE-2025-68765 bsc#1255931).
- Update
patches.suse/mt76-mt7921-don-t-assume-adequate-headroom-for-SDIO-.patch
(git-fixes CVE-2023-53785 bsc#1254918).
- Update
patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch
(git-fixes CVE-2025-68238 bsc#1255202).
- Update
patches.suse/mtd-rawnand-fsl_upm-Fix-an-off-by-one-test-in-.patch
(bsc#1012628 CVE-2023-54104 bsc#1256145).
- Update
patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch
(git-fixes CVE-2025-68237 bsc#1255203).
- Update
patches.suse/net-core-remove-unnecessary-frame_sz-check-in-.patch
(bsc#1012628 CVE-2023-54155 bsc#1256083).
- Update
patches.suse/net-deal-with-integer-overflows-in-kmalloc_reserve.patch
(bsc#1215146 CVE-2023-42752 CVE-2023-53752 bsc#1254613).
- Update
patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_.patch
(bsc#1012628 CVE-2023-54051 bsc#1256394).
- Update
patches.suse/net-dsa-avoid-suspicious-RCU-usage-for-synced-V.patch
(bsc#1012628 CVE-2023-54149 bsc#1256085).
- Update
patches.suse/net-dsa-ocelot-call-dsa_tag_8021q_unregister-u.patch
(bsc#1012628 CVE-2023-53855 bsc#1254688).
- Update
patches.suse/net-ethernet-mtk_eth_soc-fix-possible-NULL-pointer-d.patch
(git-fixes CVE-2023-54240 bsc#1255918).
- Update
patches.suse/net-hns3-fix-deadlock-issue-when-externel_lb-a.patch
(bsc#1012628 CVE-2023-54000 bsc#1255564).
- Update
patches.suse/net-ipa-only-reset-hashed-tables-when-supported.patch
(bsc#1012628 CVE-2023-54225 bsc#1256234).
- Update
patches.suse/net-ipv4-fix-one-memleak-in-__inet_del_ifa.patch
(bsc#1220419 CVE-2023-53995 bsc#1255616).
- Update
patches.suse/net-mlx5-fix-potential-memory-leak-in-mlx5e_in.patch
(bsc#1012628 CVE-2023-54106 bsc#1256358).
- Update
patches.suse/net-mlx5e-Move-representor-neigh-cleanup-to-pr.patch
(bsc#1012628 CVE-2023-54148 bsc#1256084).
- Update
patches.suse/net-mlx5e-TC-Fix-internal-port-memory-leak.patch
(bsc#1012628 CVE-2023-53999 bsc#1255621).
- Update
patches.suse/net-mlx5e-fix-memory-leak-in-mlx5e_ptp_open.patch
(bsc#1012628 CVE-2023-54169 bsc#1256050).
- Update
patches.suse/net-mlx5e-xsk-Fix-invalid-buffer-access-for-le.patch
(bsc#1012628 CVE-2023-54223 bsc#1256233).
- Update
patches.suse/net-openvswitch-reject-negative-ifindex.patch
(bsc#1012628 CVE-2023-53843 bsc#1254705).
- Update
patches.suse/net-prevent-skb-corruption-on-frag-list-segment.patch
(bsc#1012628 CVE-2023-54094 bsc#1256292).
- Update
patches.suse/net-read-sk-sk_family-once-in-sk_mc_loop.patch
(bsc#1220419 CVE-2023-53831 bsc#1254701).
- Update
patches.suse/net-sched-taprio-Limit-TCA_TAPRIO_ATTR_SCHED_C.patch
(bsc#1012628 CVE-2023-54251 bsc#1255888).
- Update
patches.suse/net-smc-use-smc_lgr_list.lock-to-protect-smc_lgr_lis.patch
(git-fixes CVE-2023-54318 bsc#1255772).
- Update
patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch
(git-fixes CVE-2025-68192 bsc#1255246).
- Update
patches.suse/netfilter-nf_tables-fix-underflow-in-chain-refe.patch
(bsc#1012628 CVE-2023-54035 bsc#1255563).
- Update
patches.suse/netlink-do-not-hard-code-device-address-lenth-i.patch
(bsc#1012628 CVE-2023-53863 bsc#1254657).
- Update
patches.suse/nfp-clean-mc-addresses-in-application-firmware-.patch
(bsc#1012628 CVE-2023-54133 bsc#1256104).
- Update
patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch
(git-fixes CVE-2025-68185 bsc#1255135).
- Update
patches.suse/nfsd-move-init-of-percpu-reply_cache_stats-coun.patch
(bsc#1012628 CVE-2023-54276 bsc#1255907).
- Update
patches.suse/nilfs2-fix-WARNING-in-mark_buffer_dirty-due-to.patch
(bsc#1012628 CVE-2023-54140 bsc#1256093).
- Update
patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch
(git-fixes CVE-2025-68235 bsc#1255209).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_ctrl_secret.patch
(bsc#1012628 CVE-2023-53792 bsc#1254743).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_secret_stor.patch
(bsc#1012628 CVE-2023-53852 bsc#1254653).
- Update
patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch
(bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274).
- Update
patches.suse/nvme-multipath-fix-lockdep-WARN-due-to-partition-sca.patch
(git-fixes bsc#1233640 CVE-2024-53093 CVE-2025-68218
bsc#1255245).
- Update
patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch
(bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276).
- Update
patches.suse/of-overlay-Call-of_changeset_init-early.patch
(git-fixes CVE-2023-53856 bsc#1254661).
- Update
patches.suse/of-unittest-fix-null-pointer-dereferencing-in-of_uni.patch
(git-fixes CVE-2023-54178 bsc#1255992).
- Update
patches.suse/opp-Fix-use-after-free-in-lazy_opp_tables-after.patch
(bsc#1012628 CVE-2023-54026 bsc#1255549).
- Update
patches.suse/orangefs-fix-xattr-related-buffer-overflow.patch
(git-fixes CVE-2025-40306 bsc#1255062).
- Update
patches.suse/ovl-fix-null-pointer-dereference-in-ovl_get_acl.patch
(bsc#1012628 CVE-2023-54313 bsc#1255775).
- Update
patches.suse/pcmcia-rsrc_nonstatic-Fix-memory-leak-in-nonst.patch
(bsc#1012628 CVE-2023-54115 bsc#1256121).
- Update patches.suse/perf-tool-x86-Fix-perf_env-memory-leak.patch
(bsc#1012628 CVE-2023-53793 bsc#1254739).
- Update
patches.suse/phy-tegra-xusb-Clear-the-driver-reference-in-us.patch
(bsc#1012628 CVE-2023-54083 bsc#1256368).
- Update
patches.suse/pinctrl-at91-pio4-check-return-value-of-devm_ka.patch
(bsc#1012628 CVE-2023-54319 bsc#1255760).
- Update
patches.suse/pinctrl-freescale-Fix-a-memory-out-of-bounds-wh.patch
(bsc#1012628 CVE-2023-53750 bsc#1254611).
- Update
patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch
(git-fixes CVE-2025-68222 bsc#1255218).
- Update
patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch
(git-fixes CVE-2025-68303 bsc#1255122).
- Update
patches.suse/posix-timers-Prevent-RT-livelock-in-itimer_dele.patch
(bsc#1012628 CVE-2023-53815 bsc#1254715).
- Update patches.suse/powerpc-64s-Fix-VAS-mm-use-after-free.patch
(bsc#1012628 CVE-2023-54042 bsc#1255702).
- Update
patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch
(bsc#1065729 CVE-2023-54095 bsc#1256271).
- Update
patches.suse/powerpc-powernv-sriov-perform-null-check-on-iov.patch
(bsc#1012628 CVE-2023-54315 bsc#1255769).
- Update
patches.suse/powerpc-pseries-Rework-lppaca_shared_proc-to-avoid-D.patch
(bsc#1194869 CVE-2023-54267 bsc#1255899).
- Update
patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch
(bsc#1194869 CVE-2023-54017 bsc#1255605).
- Update patches.suse/pstore-ram-Add-check-for-kstrdup.patch
(bsc#1012628 CVE-2023-54189 bsc#1255978).
- Update patches.suse/quota-fix-warning-in-dqgrab.patch
(bsc#1012628 CVE-2023-54177 bsc#1255993).
- Update patches.suse/rcu-dump-vmalloc-memory-info-safely.patch
(git-fixes CVE-2023-54113 bsc#1256351).
- Update
patches.suse/rcuscale-Move-rcu_scale_writer-schedule_timeout_unin.patch
(git-fixes CVE-2023-54246 bsc#1255915).
- Update
patches.suse/refscale-Fix-uninitalized-use-of-wait_queue_head_t.patch
(git-fixes CVE-2023-54316 bsc#1255770).
- Update
patches.suse/regmap-irq-Fix-out-of-bounds-access-when-alloca.patch
(bsc#1012628 CVE-2023-53768 bsc#1254599).
- Update
patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch
(git-fixes CVE-2025-40317 bsc#1254796).
- Update
patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch
(git-fixes CVE-2025-68354 bsc#1255553).
- Update
patches.suse/regulator-da9063-fix-null-pointer-deref-with-pa.patch
(bsc#1012628 CVE-2023-53787 bsc#1254750).
- Update patches.suse/rpmsg-glink-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-54049 bsc#1256396).
- Update
patches.suse/s390-dcssblk-fix-kernel-crash-with-list_add-corruption.patch
(git-fixes bsc#1215344 CVE-2023-54117 bsc#1256348).
- Update
patches.suse/s390-vmem-split-pages-when-debug-pagealloc-is-.patch
(bsc#1012628 CVE-2023-54278 bsc#1255911).
- Update
patches.suse/samples-bpf-Fix-buffer-overflow-in-tcp_basertt.patch
(bsc#1012628 CVE-2023-54312 bsc#1255774).
- Update
patches.suse/sched-psi-use-kernfs-polling-functions-for-PSI-.patch
(bsc#1012628 CVE-2023-54019 bsc#1255636).
- Update
patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handlin.patch
(bsc#1012628 CVE-2023-54289 bsc#1255806).
- Update
patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch
(bsc#1012628 CVE-2023-54179 bsc#1255994).
- Update
patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_b.patch
(bsc#1012628 CVE-2023-54014 bsc#1256300).
- Update
patches.suse/scsi-target-core-Fix-target_cmd_counter-leak.patch
(bsc#1214847 CVE-2023-54154 bsc#1256082).
- Update
patches.suse/serial-8250-Fix-oops-for-port-pm-on-uart_chang.patch
(bsc#1012628 CVE-2023-54220 bsc#1255949).
- Update patches.suse/serial-sprd-Fix-DMA-buffer-leak-issue.patch
(git-fixes CVE-2023-54136 bsc#1256099).
- Update
patches.suse/sfc-fix-crash-when-reading-stats-while-NIC-is-r.patch
(bsc#1012628 CVE-2023-54156 bsc#1255704).
- Update
patches.suse/sh-dma-Fix-DMA-channel-offset-calculation.patch
(bsc#1012628 CVE-2023-54255 bsc#1255884).
- Update patches.suse/smb-client-fix-missed-ses-refcounting.patch
(bsc#1012628 CVE-2023-54076 bsc#1256335).
- Update
patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch
(bsc#1248886 CVE-2025-40320 bsc#1254793).
- Update patches.suse/soundwire-fix-enumeration-completion.patch
(bsc#1012628 CVE-2023-54096 bsc#1256178).
- Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch
(bsc#1253155 CVE-2025-68746 bsc#1255722).
- Update
patches.suse/staging-r8712-Fix-memory-leak-in-_r8712_init_xm.patch
(bsc#1012628 CVE-2023-54001 bsc#1255628).
- Update
patches.suse/thermal-of-fix-double-free-on-unregistration.patch
(bsc#1012628 CVE-2023-53997 bsc#1255632).
- Update
patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-.patch
(bsc#1012628 CVE-2023-54309 bsc#1255780).
- Update
patches.suse/tracing-Fix-memory-leak-of-iter-temp-when-readi.patch
(bsc#1012628 CVE-2023-54171 bsc#1256034).
- Update
patches.suse/tracing-Fix-warning-in-trace_buffered_event_dis.patch
(bsc#1012628 CVE-2023-54211 bsc#1255843).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c.patch
(bsc#1012628 CVE-2023-53858 bsc#1254704).
- Update
patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch
(stable-fixes CVE-2025-40314 bsc#1255072).
- Update
patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch
(git-fixes CVE-2025-68287 bsc#1255152).
- Update
patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch
(git-fixes CVE-2025-68289 bsc#1255155).
- Update
patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch
(stable-fixes CVE-2025-40315 bsc#1255083).
- Update
patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch
(stable-fixes CVE-2025-68750 bsc#1255814).
- Update
patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_.patch
(bsc#1012628 CVE-2023-53847 bsc#1254698).
- Update
patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch
(stable-fixes CVE-2025-40345 bsc#1255279).
- Update
patches.suse/usb-typec-bus-verify-partner-exists-in-typec_altmode.patch
(git-fixes CVE-2023-54299 bsc#1255789).
- Update
patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch
(git-fixes CVE-2025-68331 bsc#1255495).
- Update patches.suse/usbnet-Prevents-free-active-kevent.patch
(git-fixes CVE-2025-68312 bsc#1255171).
- Update
patches.suse/vdpa-Add-queue-index-attr-to-vdpa_nl_policy-fo.patch
(bsc#1012628 CVE-2023-54031 bsc#1255583).
- Update patches.suse/vduse-fix-NULL-pointer-dereference.patch
(bsc#1012628 CVE-2023-54291 bsc#1255798).
- Update
patches.suse/vfio-type1-fix-cap_migration-information-leak
(jsc#PED-7779 jsc#PED-7780 CVE-2023-54137 bsc#1256100).
- Update
patches.suse/virtio-vdpa-Fix-cpumask-memory-leak-in-virtio_.patch
(bsc#1012628 CVE-2023-54215 bsc#1255957).
- Update
patches.suse/virtio_pmem-add-the-missing-REQ_OP_WRITE-for-flush-b.patch
(git-fixes CVE-2023-54089 bsc#1256268).
- Update
patches.suse/virtio_vdpa-build-affinity-masks-conditionally.patch
(git-fixes CVE-2023-54008 bsc#1255630).
- Update
patches.suse/wifi-ath11k-Add-missing-hw_ops-get_ring_selecto.patch
(bsc#1012628 CVE-2023-54141 bsc#1256094).
- Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch
(git-fixes CVE-2025-68380 bsc#1255580).
- Update
patches.suse/wifi-ath11k-fix-registration-of-6Ghz-only-phy-w.patch
(bsc#1012628 CVE-2023-54229 bsc#1255924).
- Update
patches.suse/wifi-ath12k-Fix-memory-leak-in-rx_desc-and-tx_desc.patch
(git-fixes CVE-2023-54016 bsc#1256279).
- Update
patches.suse/wifi-ath9k-avoid-referencing-uninit-memory-in-a.patch
(bsc#1012628 CVE-2023-54300 bsc#1255790).
- Update
patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch
(git-fixes CVE-2025-40321 bsc#1254795).
- Update
patches.suse/wifi-cfg80211-ocb-don-t-leave-if-not-joined.patch
(git-fixes CVE-2023-53992 bsc#1256058).
- Update
patches.suse/wifi-mt76-mt7921-fix-skb-leak-by-txs-missing-i.patch
(bsc#1012628 CVE-2023-54052 bsc#1256387).
- Update
patches.suse/wifi-mwifiex-fix-memory-leak-in-mwifiex_histogram_re.patch
(git-fixes CVE-2023-53808 bsc#1254723).
- Update
patches.suse/wifi-rsi-Do-not-configure-WoWlan-in-shutdown-ho.patch
(bsc#1012628 CVE-2023-54025 bsc#1255558).
- Update
patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch
(git-fixes CVE-2025-68759 bsc#1255934).
- Update
patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch
(git-fixes CVE-2025-68362 bsc#1255611).
- Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch
(git-fixes CVE-2025-68313 bsc#1255415).
- Update
patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_microco.patch
(git-fixes CVE-2025-68195 bsc#1255259).
- Update
patches.suse/x86-hyperv-Disable-IBT-when-hypercall-page-lac.patch
(bsc#1012628 CVE-2023-54172 bsc#1256033).
- Update
patches.suse/x86-sev-Make-enc_dec_hypercall-accept-a-size-instead-of-npages
(bsc#1214635 CVE-2023-53996 bsc#1255618).
- Update patches.suse/xen-speed-up-grant-table-reclaim.patch
(bsc#1012628 CVE-2023-54081 bsc#1256361).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- commit c2db288
- Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch
(CVE-2025-40287 bsc#1255030 CVE-2025-68351 bsc#1255567).
- Update
patches.suse/net-enetc-fix-the-deadlock-of-enetc_mdio_lock.patch
(CVE-2025-40337 bsc#1255081 CVE-2025-40347 bsc#1255262).
- commit 8022326
- docs: ABI: sysfs-devices-soc: Fix swapped sample values
(git-fixes).
- commit 208252e
- gpio: rockchip: mark the GPIO controller as sleeping
(git-fixes).
- drm/pl111: Fix error handling in pl111_amba_probe (git-fixes).
- crypto: qat - fix duplicate restarting msg during AER error
(git-fixes).
- commit db7c5b1
- cifs: client: fix memory leak in smb3_fs_context_parse_param
(bsc#1255082, CVE-2025-40268).
- commit 1547549
- ext4: wait for ongoing I/O to complete before freeing blocks
(bsc#1256366).
- commit 73f54be
- selftests/bpf: Add test to verify freeing the special fields
in pcpu maps (CVE-2025-68744 bsc#1255709).
- commit 7a07150
- bpf: Free special fields when update [lru_,]percpu_hash maps
(CVE-2025-68744 bsc#1255709).
- commit 5246440
- pmdomain: arm: scmi: Fix genpd leak on provider registration
failure (CVE-2025-68204 bsc#1255224).
- commit 51ed7f6
- drm/amd/display: Fix scratch registers offsets for DCN351
(stable-fixes).
- drm/amd/display: Fix scratch registers offsets for DCN35
(stable-fixes).
- Revert "drm/amd/display: Fix pbn to kbps Conversion"
(stable-fixes).
- drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes).
- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace
(stable-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
(stable-fixes).
- drm/amdkfd: Trap handler support for expert scheduling mode
(stable-fixes).
- clk: samsung: exynos-clkout: Assign .num before accessing .hws
(git-fixes).
- fbdev: gbefb: fix to use physical address instead of dma address
(stable-fixes).
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/displayid: add quirk to ignore DisplayID checksum errors
(stable-fixes).
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct
drm_edid_ident (stable-fixes).
- drm/displayid: pass iter to drm_find_displayid_extension()
(stable-fixes).
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING
after CLC load (stable-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840
tablet (stable-fixes).
- wifi: cfg80211: stop radar detection in cfg80211_leave()
(stable-fixes).
- wifi: cfg80211: use cfg80211_leave() in iftype change
(stable-fixes).
- cpufreq: nforce2: fix reference count leak in nforce2
(git-fixes).
- drm/panthor: Flush shmem writes before mapping buffers
CPU-uncached (git-fixes).
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume
(stable-fixes).
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier
before suspend (stable-fixes).
- commit 0bebe20
- wifi: mac80211: restore non-chanctx injection behaviour
(git-fixes).
- pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
(git-fixes).
- wifi: avoid kernel-infoleak from struct iw_point (git-fixes).
- atm: Fix dma_free_coherent() size (git-fixes).
- net: usb: pegasus: fix memory leak in update_eth_regs_async()
(git-fixes).
- net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
(git-fixes).
- HID: quirks: work around VID/PID conflict for appledisplay
(git-fixes).
- ASoC: sun4i-spdif: Add missing kerneldoc fields for
sun4i_spdif_quirks (git-fixes).
- ALSA: ac97: fix a double free in snd_ac97_controller_register()
(git-fixes).
- commit 31818ae
- binfmt_misc: restore write access before closing files opened
by open_exec() (bsc#1255272 CVE-2025-68239).
- commit 40d7043
- fs/proc: fix uaf in proc_readdir_de() (bsc#1255297
CVE-2025-40271).
- commit e033d9a
- ext4: refresh inline data size before write operations
(bsc#1255380 CVE-2025-68264).
- commit eb0de51
- ext4: guard against EA inode refcount underflow in xattr update
(bsc#1253623 CVE-2025-40190).
- commit 7ad9fff
- net/smc: fix general protection fault in __smc_diag_dump
(CVE-2025-40357 bsc#1255097).
- commit c2a771e
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is
replaced (CVE-2025-68259 bsc#1255199).
- commit bca135e
- arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318)
- commit 24256b7
- net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121)
- commit c49170e
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak (CVE-2025-40278 bsc#1254825).
- commit 34ab5ba
- bpf: Fix stackmap overflow check in __bpf_get_stackid()
(CVE-2025-68378 bsc#1255614).
- commit f957faa
- bpf: Refactor stack map trace depth calculation into helper
function (CVE-2025-68378 bsc#1255614).
- commit 89dceec
- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
(bsc#1255463).
- Refresh
patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch.
- commit f3639f0
- iommufd: Don't overflow during division for dirty tracking
(CVE-2025-40293 bsc#1255179).
- commit 8fb40bc
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
(CVE-2025-40251 bsc#1254856).
- commit 07d80e9
- mptcp: fix race condition in mptcp_schedule_work()
(CVE-2025-40258 bsc#1254843).
- commit 664f157
- team: Move team device type change at the end of team_port_add
(CVE-2025-68340 bsc#1255507).
- net/mlx5: Clean up only new IRQ glue on request_irq() failure
(CVE-2025-40250 bsc#1254854).
- net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849).
- net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40337
bsc#1255081).
- net: stmmac: Correctly handle Rx checksum offload errors
(CVE-2025-40337 bsc#1255081).
- commit 3ae940f
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq
IE parsing (CVE-2025-68255 bsc#1255395).
- commit d962eb4
- ASoC: Intel: avs: Do not share the name pointer between
components (CVE-2025-40338 bsc#1255273).
- commit 968173c
- drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
(CVE-2025-40289 bsc#1255042).
- commit ff414f2
- net: sched: act_connmark: initialize struct tc_ife to fix
kernel leak (CVE-2025-40279 bsc#1254846).
- commit 9f73fa4
- serial: core: Fix serial device initialization (git-fixes).
- commit 024b264
- drm/imagination: Disallow exporting of PM/FW protected objects
(git-fixes).
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in
ACPI package parsing (git-fixes).
- serial: core: Restore sysfs fwnode information (git-fixes).
- ASoC: ak4458: remove the reset operation in probe and remove
(git-fixes).
- drm/xe: Use usleep_range for accurate long-running workload
timeslicing (git-fixes).
- drm/xe: Drop preempt-fences when destroying imported dma-bufs
(git-fixes).
- drm/xe/oa: Disallow 0 OA property values (git-fixes).
- drm/xe: Adjust long-running workload timeslices to reasonable
values (git-fixes).
- drm/xe/oa: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Restore engine registers before restarting schedulers
after GT reset (git-fixes).
- drm/xe/bo: Don't include the CCS metadata in the dma-buf
sg-table (git-fixes).
- drm/me/gsc: mei interrupt top half should be in irq disabled
context (git-fixes).
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes).
- wifi: ath10k: move recovery check logic into a new work
(git-fixes).
- r8169: set EEE speed down ratio to 1 (stable-fixes).
- wifi: ath10k: Add missing include of export.h (stable-fixes).
- wifi: ath10k: Avoid vdev delete timeout when firmware is
already down (stable-fixes).
- commit bbba4ae
- usb: phy: isp1301: fix non-OF device reference imbalance
(git-fixes).
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path
(git-fixes).
- commit 4724dd4
- platform/x86: ibm_rtl: fix EBDA signature search pointer
arithmetic (git-fixes).
- platform/x86: msi-laptop: add missing sysfs_remove_group()
(git-fixes).
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from
event names (git-fixes).
- wifi: mac80211: do not use old MBSSID elements (git-fixes).
- wifi: cfg80211: sme: store capped length in
__cfg80211_connect_result() (git-fixes).
- wifi: rtlwifi: 8192cu: fix tid out of range in
rtl92cu_tx_fill_desc() (git-fixes).
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS
(git-fixes).
- smc91x: fix broken irq-context in PREEMPT_RT (git-fixes).
- usb: dwc3: of-simple: fix clock resource leak in
dwc3_of_simple_probe (git-fixes).
- USB: lpc32xx_udc: Fix error handling in probe (git-fixes).
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
(git-fixes).
- usb: dwc3: keep susphy enabled during exit to avoid controller
faults (git-fixes).
- spi: fsl-cpm: Check length parity before switching to 16 bit
mode (git-fixes).
- PM: runtime: Do not clear needs_force_resume with enabled
runtime PM (git-fixes).
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
(git-fixes).
- commit 29120de
- sctp: avoid NULL dereference when chunk data buffer is missing
(CVE-2025-40240 bsc#1254869).
- commit 7732dc5
- net: rose: fix invalid array index in rose_kill_by_device()
(git-fixes).
- net: usb: sr9700: fix incorrect command used to write single
register (git-fixes).
- net: nfc: fix deadlock between nfc_unregister_device and
rfkill_fop_write (git-fixes).
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
(git-fixes).
- net: mdio: aspeed: add dummy read to avoid read-after-write
issue (git-fixes).
- Input: ti_am335x_tsc - fix off-by-one error in wire_order
validation (git-fixes).
- Input: atkbd - skip deactivate for HONOR FMB-P's internal
keyboard (git-fixes).
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to
Kconfig (git-fixes).
- commit 0ed2427
- drm/i915/gem: Zero-initialize the eb.vma array in
i915_gem_do_execbuffer (git-fixes).
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state()
in prepare_fb (git-fixes).
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
(git-fixes).
- idr: fix idr_alloc() returning an ID out of range (git-fixes).
- genalloc.h: fix htmldocs warning (git-fixes).
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
(git-fixes).
- firewire: nosy: Fix dma_free_coherent() size (git-fixes).
- drm/msm/dpu: Add missing NULL pointer check for pingpong
interface (git-fixes).
- ALSA: usb-mixer: us16x08: validate meter packet indices
(git-fixes).
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
(git-fixes).
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
(git-fixes).
- hwmon: (tmp401) fix overflow caused by default conversion rate
value (git-fixes).
- hwmon: (ibmpex) fix use-after-free in high/low store
(git-fixes).
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first
(git-fixes).
- ACPI: PCC: Fix race condition by removing static qualifier
(git-fixes).
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf
(git-fixes).
- can: j1939: make j1939_sk_bind() fail if device is no longer
registered (git-fixes).
- can: gs_usb: gs_can_open(): fix error handling (git-fixes).
- broadcom: b44: prevent uninitialized value usage (git-fixes).
- commit bf82bcb
- exfat: validate cluster allocation bits of the allocation bitmap
(CVE-2025-40307 bsc#1255039).
- commit 61971f7
- exfat: using hweight instead of internal logic (git-fixes).
- commit 18b7ccc
- powerpc/kexec: Enable SMT before waking offline CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496).
- commit 8505ec5
- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()
(git-fixes).
- commit 784298a
- Branch maintainers was auto-merged from SLE15-SP6-LTSS.
Restore to SP7 maintainers per ML discussion at:
https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00127.html
https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00134.html
- commit ca6d40d
- tracing: Fix race condition in kprobe initialization causing
NULL pointer dereference (CVE-2025-40042 bsc#1252861).
- commit 8186e85
- README.BRANCH: SLE15-SP6 became LTSS, update maintainers
- commit f86184e
- cpuidle: menu: Use residency threshold in polling state override
decisions (bsc#1255026).
- commit f6f2d0f
- fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025).
- commit c5ce147
- selftests/bpf: Add test case for different expected_attach_type
(CVE-2025-40123 bsc#1253365).
- commit a20378c
- kABI workaround for bpf: Enforce expected_attach_type for
tailcall compatibility (CVE-2025-40123 bsc#1253365).
- commit b3b5837
- bpf: Enforce expected_attach_type for tailcall compatibility
(CVE-2025-40123 bsc#1253365).
Refresh patches.kabi/bpf-struct-bpf_map-workaround.patch.
- commit 4229239
- exfat: fix refcount leak in exfat_find (CVE-2025-40287
bsc#1255030).
- commit 8d74fe6
- exfat: fix improper check of dentry.stream.valid_size
(CVE-2025-40287 bsc#1255030).
- commit 6d6e321
- exfat: add a check for invalid data size (git-fixes).
- commit 2af7089
- selftests/bpf: Test widen_imprecise_scalars() with different
stack depth (CVE-2025-68208 bsc#1255227).
- commit 7bc82c5
- bpf: account for current allocated stack depth in
widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227).
- commit 59eb6d6
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit c371711
- selftests/bpf: Skip timer cases when bpf_timer is not supported
(git-fixes).
- commit c865cf8
- bpf: Reject bpf_timer for PREEMPT_RT (git-fixes).
- commit 4c49578
- bpf: Sync pending IRQ work before freeing ring buffer
(CVE-2025-40319 bsc#1254794).
- commit d39f398
- netfilter: nft_ct: add seqadj extension for natted connections
(CVE-2025-68206 bsc#1255142).
- commit 85cf637
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit a261090
- net: bridge: fix use-after-free due to MST port state bypass
(CVE-2025-40297 bsc#1255187).
- commit 551613c
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit 2e6aaae
- net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170
bsc#1253413).
- commit 23ba11d
- ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402).
- ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342).
- commit e13927d
- tipc: Fix use-after-free in tipc_mon_reinit_self()
(CVE-2025-40280 bsc#1254847).
- commit 293c735
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated
(bsc#1255434).
- bpf: Do not limit bpf_cgroup_from_id to current's namespace
(bsc#1255433).
- commit 7622dcb
- virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292).
- commit 640f7af
- vsock: Ignore signal/timeout on connect() if already established
(CVE-2025-40248, bsc#1254864).
- commit 76e0cd6
- vsock: fix lock inversion in vsock_assign_transport()
(CVE-2025-40231, bsc#1254815).
- commit f20ceef
- xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160,
bsc#1253400).
- commit a401c8b
- xen/events: Cleanup find_virq() return codes (CVE-2025-40160,
bsc#1253400).
- commit 3a48f4b
- selftests: net: use slowwait to make sure IPv6 setup finished
(bsc#1255349).
- commit cdeb065
- selftests/net: convert test_vxlan_vnifiltering.sh to run it
in unique namespace (bsc#1255349).
- commit f6295a1
- selftests: net: use slowwait to stabilize vrf_route_leaking test
(bsc#1255349).
- commit 797f508
- selftests/net: convert vrf_route_leaking.sh to run it in unique
namespace (bsc#1255349).
- Refresh
patches.suse/selftests-net-add-helper-for-checking-if-nettest-is-availa.patch.
- commit c9d3564
- selftests: vrf_route_leaking: remove ipv6_ping_frag from
default testing (bsc#1255349).
- commit d1d9fe4
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit ae22a6c
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit 13f0f1f
- selftests: net: fib-onlink-tests: Set high metric for default
IPv6 route (bsc#1255346).
- commit 3e93e72
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 63a872c
- KVM: guest_memfd: Remove bindings on memslot deletion when
gmem is dying (CVE-2025-40274, bsc#1254830).
- commit 539aace
- selftests: net: Remove executable bits from library scripts
(bsc#1254235).
- commit 0623efd
- selftests: net: included needed helper in the install targets
(bsc#1254235).
- Refresh
patches.suse/selftests-net-List-helper-scripts-in-TEST_FILES-Makefile-v.patch.
- Refresh patches.suse/selftests-net-include-forwarding-lib.patch.
- commit 7e2ef77
- tick/sched: Limit non-timekeeper CPUs calling jiffies update
(bsc#1254477).
- commit f152ff3
- selftests: net: veth: test the ability to independently
manipulate GRO and XDP (bsc#1255101).
- commit 0c521f2
- selftests: net: more strict check in net_helper (bsc#1254235).
- selftests: net: explicitly wait for listener ready
(bsc#1254235).
Refresh
patches.suse/selftests-net-cut-more-slack-for-gro-fwd-tests.patch.
- selftests/net: synchronize udpgro tests' tx and rx connection
(bsc#1254235).
- commit ea56d4f
- selftests/net: calibrate txtimestamp (bsc#1255085).
- commit 4e81333
- netdevsim: print human readable IP address (bsc#1255071).
- commit db8e48c
- selftests: dsa: Replace test symlinks by wrapper script
(bsc#1254235).
- selftests: team: Add shared library scripts to TEST_INCLUDES
(bsc#1254235).
- selftests: bonding: Add net/forwarding/lib.sh to TEST_INCLUDES
(bsc#1254235).
- selftests: Introduce Makefile variable to list shared bash
scripts (bsc#1254235).
- commit 5bb066d
- selftests/net: convert fib_tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_rule_tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib-onlink-tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthops.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_nongw.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_multiprefix to run it in
unique namespace (bsc#1254235).
- selftests/net: convert fcnal-test.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt6_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt4_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt46_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- commit 3c3968b
- Move upstreamed ath12k patch into sorted section
- commit fa80682
- Move upstreamed SCSI patches into sorted section
- commit 8ea340d
- futex: Prevent use-after-free during requeue-PI (CVE-2025-39977
bsc#1252046).
- commit 3062182
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
(git-fixes).
- commit 808d009
- bnxt_en: Shutdown FW DMA in bnxt_shutdown() (CVE-2025-40330
bsc#1254616).
- commit 3e35ca9
- usb: typec: ucsi: psy: Set max current to zero when disconnected
(git-fixes).
- commit de6f0cd
- USB: serial: option: add Telit FN920C04 ECM compositions
(stable-fixes).
- USB: serial: option: add Quectel RG255C (stable-fixes).
- USB: serial: option: add UNISOC UIS7720 (stable-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: chipidea: udc: limit usb request length to max 16KB
(stable-fixes).
- commit 15d4d36
- usb: raw-gadget: do not limit transfer length (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices
(git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: udc: Add trace event for usb_gadget_set_state
(stable-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind
(git-fixes).
- commit c4f787c
- Correct USB typec tcpm patches
In upstream backports, changes were applied to wrong places (sink
instead of source). In the stable upstream, it was corrected in a
commit d967f6ae3149, but we fold the corrections in each patch,
instead.
Refreshed:
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
patches.suse/usb-typec-tcpm-unregister-existing-source-caps-befor.patch
- commit 55aaa8f
- x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes).
- commit 4dc2ee9
- drm/tilcdc: Fix removal actions in case of failed probe
(git-fixes).
- drm/nouveau: refactor deprecated strcpy (git-fixes).
- drm/plane: Fix IS_ERR() vs NULL check in
drm_plane_create_hotspot_properties() (git-fixes).
- drm/i915: Fix format string truncation warning (git-fixes).
- drm/amdkfd: Use huge page size to check split svm range
alignment (git-fixes).
- commit 9d1b9c7
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
(git-fixes).
- drm/mgag200: Fix big-endian support (git-fixes).
- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).
- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).
- rtc: gamecube: Check the return value of ioremap() (git-fixes).
- commit 4a0695a
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure() (git-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- drm/amdkfd: Fix GPU mappings for APU after prefetch
(stable-fixes).
- commit e28addd
- ASoC: codecs: wcd938x: fix OF node leaks on probe failure
(git-fixes).
- ASoC: ak5558: Disable regulator when error happens (git-fixes).
- ASoC: ak4458: Disable regulator when error happens (git-fixes).
- ALSA: firewire-motu: add bounds check in put_user loop for
DSP events (git-fixes).
- ALSA: uapi: Fix typo in asound.h comment (git-fixes).
- ALSA: firewire-motu: fix buffer overflow in hwdep read for
DSP events (git-fixes).
- ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_hda_read_acpi() (git-fixes).
- commit 203c44f
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
(bsc#1253458 CVE-2025-40167).
- commit 18e6218
- ext4: align max orphan file size with e2fsprogs limit
(bsc#1253442 CVE-2025-40179).
- commit 7ae82ce
- ext4: free orphan info with kvfree (bsc#1253442 CVE-2025-40179).
- commit a10c019
- ext4: verify orphan file size is not too big (bsc#1253442
CVE-2025-40179).
- commit 6c1724d
- Revert "ipmi: fix msg stack when IPMI is disconnected" (bsc#1253622 CVE-2025-40192)
- commit 33bdbac
- kABI workaround for mgmt_cp_set_mesh struct change (git-fixes).
- commit 7de6f1d
- Bluetooth: MGMT: fix crash in set_mesh_sync and
set_mesh_complete (git-fixes).
- Refresh patches.kabi/hci_dev-centralize-extra-lock.patch.
- commit 9117a6d
- kABI workaround for hci_conn remote_id removal (git-fixes).
- commit 1f82cb9
- Bluetooth: btusb: mediatek: Fix kernel crash when releasing
mtk iso interface (git-fixes).
- Refresh
patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch.
- commit 868a054
- kABI workaround for HCI_LE_ADV_0 addition (git-fixes).
- commit 90a4a45
- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
(git-fixes).
- commit 02e48bb
- cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL
writes (git-fixes).
- commit 8914d15
- Refresh
patches.kabi/devlink_hide_adding_u64_to_devlink_param_types.patch.
- Refresh
patches.suse/devlink-Add-support-for-u64-parameters.patch.
- Delete
patches.suse/devlink-avoid-param-type-value-translations.patch.
Fix kABI breakage, caused by adding U64 type to DEVLINK_PARAM_TYPE (bsc#1254363)
- commit d4ef490
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID
(git-fixes).
- commit b8d0ed6
- i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes).
- i2c: i2c.h: fix a bad kernel-doc line (git-fixes).
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd
led (git-fixes).
- commit 9bd979e
- smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256,
CVE-2025-38728).
- commit 8caf30e
- selftests: net: include forwarding lib (bsc#1254235).
- commit 8ae2773
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
- commit d031559
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
- commit 82f1192
- spi: tegra210-quad: Fix timeout handling (bsc#1253155)
- commit bd1de03
- spi: tegra210-qspi: Remove cache operations (git-fixes)
- commit a5fab01
- spi: tegra210-quad: Add support for internal DMA (git-fixes)
- commit 8c1e0cc
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
- commit 8db7584
- Delete patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch.
It will reinserted as part of bsc#1253155 update request.
- commit aed40ae
- smb: Log an error when close_all_cached_dirs fails (bsc#1246328,
CVE-2025-38321).
- commit a8a838a
- Refresh
patches.suse/selftests-net-List-helper-scripts-in-TEST_FILES-Makefile-v.patch.
- commit a49bd74
- arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes)
- commit 056601e
- arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes)
- commit 10b4884
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
(CVE-2025-39890 bsc#1250334).
- commit 51d9ba6
- dm-verity: fix unreliable memory allocation (git-fixes).
- commit 811cec6
- ipmi: Fix handling of messages with provided receive message
pointer (git-fixes).
- commit 2e987f2
- ipmi: Rework user message limit handling (git-fixes).
- commit 4cbb961
- mm/hugetlb: fix folio is still mapped when deleted
(CVE-2025-40006 bsc#1252342).
- commit e2e7e3b
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
(git-fixes).
- pinctrl: stm32: fix hwspinlock resource leak in probe function
(git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in
rcar_gen3_phy_usb2_probe() (git-fixes).
- phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes).
- commit 2f1faf6
- mm: hugetlb: avoid soft lockup when mprotect to large memory
area (CVE-2025-40153 bsc#1253408).
- commit 03b4aee
- perf list: Add IBM z17 event descriptions (jsc#PED-13611).
- commit fda20aa
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload
(bac#1236022 ltc#211187).
- commit 1a4723e
- i3c: fix refcount inconsistency in i3c_master_register
(git-fixes).
- commit 00edbac
- i3c: master: svc: Prevent incomplete IBI transaction
(git-fixes).
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes).
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as
a parent to other (git-fixes).
- clk: renesas: r9a06g032: Fix memory leak in error path
(git-fixes).
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle
callback (git-fixes).
- commit 4cf8a99
- mei: gsc: add dependency on Xe driver (git-fixes).
- drm/amd/display: Don't change brightness for disabled connectors
(stable-fixes).
- drm/amd/amdgpu: reserve vm invalidation engine for uni_mes
(stable-fixes).
- usb: udc: Add trace event for usb_gadget_set_state
(stable-fixes).
- drm/i915/dp: Initialize the source OUI write timestamp always
(stable-fixes).
- commit fbf57fa
- staging: fbtft: core: fix potential memory leak in
fbtft_probe_common() (git-fixes).
- usb: gadget: tegra-xudc: Always reinitialize data toggle when
clear halt (git-fixes).
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes).
- usb: phy: Initialize struct usb_phy list_head (git-fixes).
- usb: dwc2: fix hang during suspend if set as peripheral
(git-fixes).
- usb: chaoskey: fix locking for O_NONBLOCK (git-fixes).
- USB: Fix descriptor count when handling invalid MBIM extended
descriptor (git-fixes).
- intel_th: Fix error handling in intel_th_output_open
(git-fixes).
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
(git-fixes).
- comedi: multiq3: sanitize config options in multiq3_attach()
(git-fixes).
- comedi: check device's attached status in compat ioctls
(git-fixes).
- comedi: c6xdigio: Fix invalid PNP driver unregistration
(git-fixes).
- firmware: stratix10-svc: fix make htmldocs warning for
stratix10_svc (git-fixes).
- iio: core: Clean up device correctly on iio_device_alloc()
failure (git-fixes).
- iio: core: add missing mutex_destroy in iio_dev_release()
(git-fixes).
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
(git-fixes).
- firmware: stratix10-svc: Add mutex in stratix10 memory
management (git-fixes).
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to
uio_fsl_elbc_gpcm_probe (git-fixes).
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
(git-fixes).
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing
(git-fixes).
- fbdev: tcx.c fix mem_map to correct smem_start offset
(git-fixes).
- watchdog: wdat_wdt: Fix ACPI table leak in probe function
(git-fixes).
- rpmsg: glink: fix rpmsg device leak (git-fixes).
- iio: accel: bmc150: Fix irq assumption regression
(stable-fixes).
- usb: storage: sddr55: Reject out-of-bound new_pba
(stable-fixes).
- USB: serial: option: add support for Rolling RW101R-GL
(stable-fixes).
- USB: serial: ftdi_sio: add support for u-blox EVK-M101
(stable-fixes).
- usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -S
(stable-fixes).
- thunderbolt: Add support for Intel Wildcat Lake (stable-fixes).
- drm/amd/display: Check NULL before accessing (stable-fixes).
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
(stable-fixes).
- commit a6f8c1f
- soc: amlogic: canvas: fix device leak on lookup (git-fixes).
- soc: qcom: smem: fix hwspinlock resource leak in probe error
paths (git-fixes).
- soc: qcom: ocmem: fix device leak on lookup (git-fixes).
- firmware: imx: scu-irq: fix OF node leak in (git-fixes).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- commit 67bcab6
- perf/x86/intel: Fix KASAN global-out-of-bounds warning
(git-fixes).
- commit 4f6bb80
- r8169: disable RTL8126 ZRX-DC timeout (jsc#PED-14353).
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support
(jsc#PED-14353).
- r8169: increase max jumbo packet size on RTL8125/RTL8126
(jsc#PED-14353).
- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers
(jsc#PED-14353).
- r8169: add support for Intel Killer E5000 (jsc#PED-14353).
- r8169: don't scan PHY addresses > 0 (jsc#PED-14353).
- commit 767f379
- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
- r8169: add support for RTL8125D rev.b (jsc#PED-14353).
- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
- r8169: remove support for chip version 11 (jsc#PED-14353).
- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE
(jsc#PED-14353).
- r8169: remove redundant hwmon support (jsc#PED-14353).
- r8169: use helper r8169_mod_reg8_cond to simplify
rtl_jumbo_config (jsc#PED-14353).
- commit 3a4ab13
- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers
(jsc#PED-14353).
- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
- r8169: improve __rtl8169_set_wol (jsc#PED-14353).
- r8169: remove leftover locks after reverted change
(jsc#PED-14353).
- r8169: improve initialization of RSS registers on
RTL8125/RTL8126 (jsc#PED-14353).
- r8169: align RTL8126 EEE config with vendor driver
(jsc#PED-14353).
- r8169: align RTL8125/RTL8126 PHY config with vendor driver
(jsc#PED-14353).
- r8169: align RTL8125 EEE config with vendor driver
(jsc#PED-14353).
- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats
(jsc#PED-14353).
- r8169: add support for RTL8125D (jsc#PED-14353).
- commit 5c318c2
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
(jsc#PED-14353).
- Refresh
patches.suse/r8169-add-tally-counter-fields-added-with-RTL8125.patch.
- commit 8dc4fd6
- r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
- r8169: add support for the temperature sensor being available
from RTL8125B (jsc#PED-14353).
- r8169: avoid unsolicited interrupts (jsc#PED-14353).
- r8169: add missing MODULE_FIRMWARE entry for RTL8126A rev.b
(jsc#PED-14353).
- r8169: disable ALDPS per default for RTL8125 (jsc#PED-14353).
- r8169: add support for RTL8126A rev.b (jsc#PED-14353).
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
(jsc#PED-14353).
- commit 6d7da00
- r8169: remove detection of chip version 11 (early RTL8168b)
(jsc#PED-14353).
- r8169: disable interrupt source RxOverflow (jsc#PED-14353).
- Revert "r8169: don't try to disable interrupts if NAPI is,
scheduled already" (jsc#PED-14353).
- r8169: Use PCI_IRQ_INTX instead of PCI_IRQ_LEGACY
(jsc#PED-14353).
- r8169: add support for RTL8168M (jsc#PED-14353).
- r8169: add MODULE_FIRMWARE entry for RTL8126A (jsc#PED-14353).
- commit 39ff456
- r8169: simplify code by using core-provided pcpu stats
allocation (jsc#PED-14353).
- commit dafb189
- r8169: simplify EEE handling (jsc#PED-14353).
- Refresh
patches.suse/r8169-implement-additional-ethtool-stats-ops.patch.
- commit 48bfadc
- r8169: add support for returning tx_lpi_timer in ethtool get_eee
(jsc#PED-14353).
- r8169: support setting the EEE tx idle timer on RTL8168h
(jsc#PED-14353).
- r8169: add generic rtl_set_eee_txidle_timer function
(jsc#PED-14353).
- commit e1875e5
- r8169: remove multicast filter limit (jsc#PED-14353).
- Refresh patches.suse/r8169-add-support-for-RTL8126A.patch.
- commit 1615622
- net: r8169: Disable multicast filter for RTL8168H and RTL8107E
(jsc#PED-14353).
- Refresh
patches.suse/r8169-respect-userspace-disabling-IFF_MULTICAST.patch.
- commit 0162652
- r8169: use dev_err_probe in all appropriate places in
rtl_init_one() (jsc#PED-14353).
- Refresh
patches.suse/r8169-revert-2ab19de62d67-r8169-remove-ASPM-res.patch.
- commit 946ce07
- r8169: improve handling task scheduling (jsc#PED-14353).
- r8169: remove not needed check in rtl_fw_write_firmware
(jsc#PED-14353).
- r8169: improve RTL8411b phy-down fixup (jsc#PED-14353).
- Revert "net: r8169: Disable multicast filter for RTL8168H and
RTL8107E" (jsc#PED-14353).
- r8169: check for PCI read error in probe (jsc#PED-14353).
- commit 82a9157
- r8169: enable EEE at 2.5G per default on RTL8125B
(jsc#PED-14353).
- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
- r8169: avoid duplicated messages if loading firmware fails
and switch to warn level (jsc#PED-14353).
- r8169: implement additional ethtool stats ops (jsc#PED-14353).
- r8169: remove original workaround for RTL8125 broken rx issue
(jsc#PED-14353).
- r8169: don't apply UDP padding quirk on RTL8126A
(jsc#PED-14353).
- commit fdf3fd2
- efi: stmm: fix kernel-doc "bad line" warnings (git-fixes).
- ASoC: codecs: lpass-tx-macro: fix SM6115 support (git-fixes).
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation
of appl_ptr (git-fixes).
- Revert "drm/amd: Skip power ungate during suspend for VPE"
(git-fixes).
- drm/panthor: Avoid adding of kernel BOs to extobj list
(git-fixes).
- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
(git-fixes).
- drm/mediatek: ovl_adaptor: Fix probe device leaks (git-fixes).
- drm/mediatek: Fix probe device leaks (git-fixes).
- drm/mediatek: Fix probe memory leak (git-fixes).
- drm/mediatek: Fix probe resource leaks (git-fixes).
- drm/msm/a6xx: Improve MX rail fallback in RPMH vote init
(git-fixes).
- drm/msm/a6xx: Fix the gemnoc workaround (git-fixes).
- drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (git-fixes).
- drm/panthor: Fix potential memleak of vma structure (git-fixes).
- drm/panthor: Fix UAF on kernel BO VA nodes (git-fixes).
- drm/panthor: Fix race with suspend during unplug (git-fixes).
- drm/panthor: Fix group_free_queue() for partially initialized
queues (git-fixes).
- drm/panthor: Handle errors returned by drm_sched_entity_init()
(git-fixes).
- drm/imagination: Fix reference to
devm_platform_get_and_ioremap_resource() (git-fixes).
- accel/ivpu: Fix race condition when unbinding BOs (git-fixes).
- drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler()
(git-fixes).
- accel/ivpu: Fix DCT active percent format (git-fixes).
- drm/panel: visionox-rm69299: Don't clear all mode flags
(git-fixes).
- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).
- commit 905bb10
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2
(git-fixes).
- PCI: keystone: Exit ks_pcie_probe() for invalid mode
(git-fixes).
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
(git-fixes).
- PCI/PM: Reinstate clearing state_saved in legacy and !PM
codepaths (git-fixes).
- power: supply: apm_power: only unset own apm_get_power_status
(git-fixes).
- power: supply: wm831x: Check wm831x_set_bits() return value
(git-fixes).
- power: supply: rt9467: Prevent using uninitialized local
variable in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: rt9467: Return error on failure in
rt9467_set_value_from_ranges() (git-fixes).
- power: supply: cw2015: Check devm_delayed_work_autocancel()
return code (git-fixes).
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
(git-fixes).
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
(git-fixes).
- mfd: max77620: Fix potential IRQ chip conflict when probing
two devices (git-fixes).
- platform/x86: intel: chtwc_int33fe: don't dereference swnode
args (git-fixes).
- spi: bcm63xx: drop wrong casts in probe() (git-fixes).
- spi: tegra210-quad: Fix timeout handling (git-fixes).
- regulator: core: Protect regulator_supply_alias_list with
regulator_list_mutex (git-fixes).
- regulator: core: disable supply if enabling main regulator fails
(git-fixes).
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors
(git-fixes).
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe
error and remove (git-fixes).
- mtd: nand: relax ECC parameter validation check (git-fixes).
- Revert "mtd: rawnand: marvell: fix layouts" (git-fixes).
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes).
- mtd: maps: pcmciamtd: fix potential memory leak in
pcmciamtd_detach() (git-fixes).
- pwm: bcm2835: Make sure the channel is enabled after
pwm_request() (git-fixes).
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
(git-fixes).
- commit 6ae74c9
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path
(git-fixes).
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup
(git-fixes).
- media: rc: st_rc: Fix reset control resource leak (git-fixes).
- media: videobuf2: Fix device reference leak in vb2_dc_alloc
error path (git-fixes).
- media: vpif_display: fix section mismatch (git-fixes).
- media: vpif_capture: fix section mismatch (git-fixes).
- media: samsung: exynos4-is: fix potential ABBA deadlock on init
(git-fixes).
- media: renesas: rcar_drif: fix device node reference leak in
rcar_drif_bond_enabled (git-fixes).
- media: amphion: Cancel message work before releasing the VPU
core (git-fixes).
- media: verisilicon: Protect G2 HEVC decoder against invalid
DPB index (git-fixes).
- media: v4l2-mem2mem: Fix outdated documentation (git-fixes).
- media: cec: Fix debugfs leak on bus_register() failure
(git-fixes).
- media: vidtv: initialize local pointers upon transfer of memory
ownership (git-fixes).
- media: pvrusb2: Fix incorrect variable used in trace message
(git-fixes).
- media: msp3400: Avoid possible out-of-bounds array accesses
in msp3400c_thread() (git-fixes).
- media: adv7842: Avoid possible out-of-bounds array accesses
in adv7842_cp_log_status() (git-fixes).
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in
probe (git-fixes).
- media: i2c: adv7842: Remove redundant cancel_delayed_work in
probe (git-fixes).
- media: TDA1997x: Remove redundant cancel_delayed_work in probe
(git-fixes).
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
(git-fixes).
- commit 0f91c8f
- Documentation: hid-alps: Fix packet format section headings
(git-fixes).
- HID: logitech-hidpp: Do not assume FAP in
hidpp_send_message_sync() (git-fixes).
- HID: logitech-dj: Remove duplicate error logging (git-fixes).
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes).
- backlight: led-bl: Add devlink to supplier LEDs (git-fixes).
- leds: netxbig: Fix GPIO descriptor leak in error paths
(git-fixes).
- leds: leds-lp50xx: Enable chip before any communication
(git-fixes).
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of
9 LEDs (git-fixes).
- leds: leds-lp50xx: Allow LED 0 to be added to module bank
(git-fixes).
- hwmon: (max16065) Use local variable to avoid TOCTOU
(git-fixes).
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
(git-fixes).
- hwmon: sy7636a: Fix regulator_enable resource leak on error path
(git-fixes).
- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes).
- ASoC: stm32: sai: fix OF node leak on probe (git-fixes).
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure
(git-fixes).
- ASoC: stm32: sai: fix device leak on probe (git-fixes).
- ASoC: qcom: q6asm-dai: perform correct state check before
closing (git-fixes).
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer
alignment (git-fixes).
- ASoC: qcom: q6adm: the the copp device only during last instance
(git-fixes).
- ALSA: dice: fix buffer overflow in detect_stream_formats()
(git-fixes).
- ASoC: fsl_xcvr: clear the channel status control memory
(git-fixes).
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma
(git-fixes).
- drm/amd/display: Fix logical vs bitwise bug in
get_embedded_panel_info_v2_1() (git-fixes).
- drm/nouveau: restrict the flush page to a 32-bit address
(git-fixes).
- drm/mediatek: Fix device node reference leak in
mtk_dp_dt_parse() (git-fixes).
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
(git-fixes).
- drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes).
- drm/msm/a6xx: Fix out of bound IO access in
a6xx_get_gmu_registers (git-fixes).
- drm/msm/a2xx: stop over-complaining about the legacy firmware
(git-fixes).
- drm/msm/dpu: Remove dead-code in
dpu_encoder_helper_reset_mixers() (git-fixes).
- drm/vgem-fence: Fix potential deadlock on release (git-fixes).
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg()
(git-fixes).
- gpu: host1x: Fix race in syncpt alloc/free (git-fixes).
- commit 7fcfbe3
- RDMA/irdma: Remove unused struct irdma_cq fields (git-fixes)
Refresh patches.suse/RDMA-irdma-Set-irdma_cq-cq_num-field-during-CQ-creat.patch
- commit acb152c
- wifi: ath12k: fix potential memory leak in
ath12k_wow_arp_ns_offload() (git-fixes).
- commit 3961250
- wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line
warning (git-fixes).
- wifi: ieee80211: correct FILS status codes (git-fixes).
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
(git-fixes).
- wifi: mt76: Fix DTS power-limits on little endian systems
(git-fixes).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb() (git-fixes).
- wifi: rtl818x: Fix potential memory leaks in
rtl8180_init_rx_ring() (git-fixes).
- wifi: mac80211: fix CMAC functions not handling errors
(git-fixes).
- net: phy: adin1100: Fix software power-down ready condition
(git-fixes).
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
(git-fixes).
- wifi: ath11k: fix peer HE MCS assignment (git-fixes).
- wifi: ath11k: restore register window after global reset
(git-fixes).
- lib/vsprintf: Check pointer before dereferencing in
time_and_date() (git-fixes).
- Documentation/kernel-parameters: fix typo in retbleed= kernel
parameter description (git-fixes).
- Documentation: parport-lowlevel: Separate function listing
code blocks (git-fixes).
- docs: w1: fix w1-netlink invalid URL (git-fixes).
- crypto: ccree - Correctly handle return of sg_nents_for_len
(git-fixes).
- crypto: iaa - Fix incorrect return value in save_iaa_wq()
(git-fixes).
- crypto: rockchip - drop redundant crypto_skcipher_ivsize()
calls (git-fixes).
- crypto: hisilicon/qm - restore original qos values (git-fixes).
- crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id (git-fixes).
- crypto: authenc - Correctly pass EINPROGRESS back up to the
caller (git-fixes).
- ima: Handle error code returned by ima_filter_rule_match()
(git-fixes).
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time
(git-fixes).
- commit 912d691
- btrfs: make sure extent and csum paths are always released in
scrub_raid56_parity_stripe() (git-fixes).
- commit 6dcb53c
- Update config files: drop doubly CONFIG_MITIGATION_TSA=y
- commit e2c35ef
- media: uvcvideo: Force UVC version to 1.0a for 0408:4033
(stable-fixes).
- commit 05e9c29
- mei: me: add wildcat lake P DID (stable-fixes).
- media: pci: ivtv: Don't create fake v4l2_fh (stable-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- media: qcom: camss: cleanup media device allocated resource
on error path (git-fixes).
- efi/libstub: Avoid physical address 0x0 when doing random
allocation (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable
(git-fixes).
- media: nxp: imx8-isi: Mark all crossbar sink pads as
MUST_CONNECT (stable-fixes).
- media: imx-mipi-csis: Drop extra clock enable at probe()
(git-fixes).
- media: qcom: venus: fix incorrect return value (stable-fixes).
- media: s5p-mfc: Fix potential deadlock on condlock
(stable-fixes).
- media: radio-isa: use dev_name to fill in bus_info
(stable-fixes).
- media: ov5640: fix vblank unchange issue when work at dvp mode
(git-fixes).
- media: qcom: camss: Fix genpd cleanup (git-fixes).
- commit 5b8269a
- ACPI: property: Fix fwnode refcount leak in
acpi_fwnode_graph_parse_endpoint() (git-fixes).
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
(git-fixes).
- efi/libstub: Fix page table access in 5-level to 4-level paging
transition (git-fixes).
- efi/libstub: Describe missing 'out' parameter in efi_load_initrd
(git-fixes).
- commit 242aae6
- drm/amd/display: Prevent Gating DTBCLK before It Is Properly
Latched (git-fixes).
- commit 3b5db8b
- drm/xe: Prevent BIT() overflow when handling invalid prefetch
region (git-fixes).
- drm/i915/dp_mst: Disable Panel Replay (git-fixes).
- drm/amd/display: avoid reset DTBCLK at clock init
(stable-fixes).
- commit a80834e
- drm/amd: Skip power ungate during suspend for VPE
(stable-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- drm/amd/display: Fix pbn to kbps Conversion (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5
(stable-fixes).
- drm/amdgpu: fix gpu page fault after hibernation on PF
passthrough (stable-fixes).
- drm/amd/display: Insert dccg log for easy debug (stable-fixes).
- drm/amd/display: disable DPP RCG before DPP CLK enable
(stable-fixes).
- commit d2e0b93
- Input: cros_ec_keyb - fix an invalid memory access
(stable-fixes).
- Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes).
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
(stable-fixes).
- drm/amd/display: Increase DPCD read retries (stable-fixes).
- drm/amd/display: Move sleep into each retry for
retrieve_link_cap() (stable-fixes).
- kconfig/nconf: Initialize the default locale at startup
(stable-fixes).
- kconfig/mconf: Initialize the default locale at startup
(stable-fixes).
- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes).
- commit 7011d30
- orangefs: fix xattr related buffer overflow.. (git-fixes).
- commit f97ca07
- rpm/mkspec: Exclude azure from kernel-syms dependencies
Similar to rt azure was initially a separate kernel variant, and not all
KMPs are built for it. kernel-azure-devel should be included as explicit
build depedency to get a KMP for this kernel flavor.
- commit c174e9b
- xhci: fix stale flag preventig URBs after link state error is
cleared (git-fixes).
- drm/xe: Fix conversion from clock ticks to milliseconds
(git-fixes).
- Revert "drm/amd/display: Move setup_stream_attribute"
(stable-fixes).
- commit d37276f
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors
(git-fixes).
- spi: bcm63xx: fix premature CS deassertion on RX-only
transactions (git-fixes).
- firmware: stratix10-svc: fix bug in saving controller data
(git-fixes).
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation
(git-fixes).
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings
fields (git-fixes).
- iio: accel: fix ADXL355 startup race condition (git-fixes).
- iio:common:ssp_sensors: Fix an error handling path ssp_probe()
(git-fixes).
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes).
- most: usb: fix double free on late probe failure (git-fixes).
- slimbus: ngd: Fix reference count leak in
qcom_slim_ngd_notify_slaves (git-fixes).
- serial: amba-pl011: prefer dma_mapping_error() over explicit
address checking (git-fixes).
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable()
errors (git-fixes).
- USB: storage: Remove subclass and protocol overrides from
Novatek quirk (git-fixes).
- usb: uas: fix urb unmapping issue when the uas device is remove
during ongoing data transfer (git-fixes).
- usb: dwc3: Fix race condition between concurrent
dwc3_remove_requests() call paths (git-fixes).
- xhci: dbgtty: fix device unregister (git-fixes).
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes).
- drivers/usb/dwc3: fix PCI parent check (git-fixes).
- usb: storage: Fix memory leak in USB bulk transport (git-fixes).
- usb: cdns3: Fix double resource release in cdns3_pci_probe
(git-fixes).
- mailbox: mailbox-test: Fix debugfs_create_dir error checking
(git-fixes).
- drm: sti: fix device leaks at component probe (git-fixes).
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
(git-fixes).
- commit 17705d7
- net: dlink: handle copy_thresh allocation failure (CVE-2025-40053 bsc#1252808)
- commit 975011b
- pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178 bsc#1253463)
- commit ce07984
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (CVE-2025-40187 bsc#1253647)
- commit e8a76b4
- Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf()
NULL deref (git-fixes).
- commit 0d74148
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
(git-fixes).
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed
transmitted URBs (git-fixes).
- can: sja1000: fix max irq loop handling (git-fixes).
- can: kvaser_usb: leaf: Fix potential infinite loop in command
parsers (git-fixes).
- net: phy: mxl-gpy: fix link properties on USXGMII and internal
PHYs (git-fixes).
- atm/fore200e: Fix possible data race in fore200e_open()
(git-fixes).
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing
(git-fixes).
- Bluetooth: hci_sock: Prevent race in socket write iter and
sock bind (git-fixes).
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated
PHY (git-fixes).
- platform/x86: intel: punit_ipc: fix memory corruption
(git-fixes).
- atm: idt77252: Add missing `dma_map_error()` (stable-fixes).
- commit 2366cbf
- remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (CVE-2025-40033 bsc#1252824)
- commit 2054391
- dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134 bsc#1253386)
- commit 1e5953d
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
- commit bd1d198
- KVM: arm64: Prevent access to vCPU events before init (CVE-2025-40102 bsc#1252919)
- commit 104fba7
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081 bsc#1252776)
- commit f1cab17
- Add dtb-spacemit
SpacemiT boards include MilkV-Jupiter, Banana Pi F3 and Orange Pi RV2.
- commit f2f396d
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Add capability to register Platform Name ID to
fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in
point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED
during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps
(bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point
topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs
(bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in
lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and
comments (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging
(bsc#1254119).
- commit bfcfc18
- nvme-multipath: fix lockdep WARN due to partition scan work
(git-fixes bsc#1233640 CVE-2024-53093).
- commit 28a7b7d
- dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes).
- commit a7bb416
- nvme: Use non zero KATO for persistent discovery connections
(git-fixes).
- commit 4d9eece
- KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352).
- KVM: s390: improve interrupt cpu for wakeup (bsc#1235463).
- commit d323daf
- ALSA: usb-audio: fix uac2 clock source at terminal parser
(git-fixes).
- commit 74497c6
- nfsd: fix return error codes for nfsd_map_name_to_id
(bsc#1232223).
- commit 24071c5
- vhost: Take a reference on the task in struct vhost_task (CVE-2025-40024 bsc#1252686)
- commit fc81dc2
- nfsd: do not defer requests during idmap lookup in v4 compound
decode (bsc#1232223).
- commit 4b41b11
- tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (CVE-2025-40149 bsc#1253355).
- commit c8fb6ed
- smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (CVE-2025-40168 bsc#1253427).
- commit 0f10629
- smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409).
- commit a7ae1b3
- smc: Fix use-after-free in __pnet_find_base_ndev()
(CVE-2025-40064 bsc#1252845).
- commit 2971b90
- tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075 bsc#1252795).
- commit fcb52d9
- Update
patches.suse/ASoC-Intel-bytcr_rt5640-Fix-invalid-quirk-input-mapp.patch
(git-fixes CVE-2025-40154 bsc#1253431).
- Update
patches.suse/ASoC-Intel-bytcr_rt5651-Fix-invalid-quirk-input-mapp.patch
(git-fixes CVE-2025-40121 bsc#1253367).
- Update
patches.suse/Bluetooth-ISO-Fix-possible-UAF-on-iso_conn_free.patch
(git-fixes CVE-2025-40141 bsc#1253352).
- Update
patches.suse/EDAC-i10nm-Skip-DIMM-enumeration-on-a-disabled-memor.patch
(git-fixes CVE-2025-40157 bsc#1253423).
- Update
patches.suse/PM-devfreq-mtk-cci-Fix-potential-error-pointer-deref.patch
(git-fixes CVE-2025-40156 bsc#1253428).
- Update
patches.suse/Squashfs-reject-negative-file-sizes-in-squashfs_read_inode.patch
(git-fixes CVE-2025-40200 bsc#1253448).
- Update
patches.suse/accel-qaic-Treat-remaining-0-as-error-in-find_and_ma.patch
(git-fixes CVE-2025-40172 bsc#1253424).
- Update
patches.suse/bpf-Fix-metadata_dst-leak-__bpf_redirect_neigh_v-4-6.patch
(git-fixes CVE-2025-40183 bsc#1253441).
- Update
patches.suse/btrfs-avoid-potential-out-of-bounds-in-btrfs_encode_.patch
(git-fixes CVE-2025-40205 bsc#1253456).
- Update
patches.suse/can-hi311x-fix-null-pointer-dereference-when-resumin.patch
(stable-fixes CVE-2025-40107 bsc#1253018).
- Update
patches.suse/cpufreq-intel_pstate-Fix-object-lifecycle-issue-in-update_qos_request.patch
(stable-fixes git-fixes CVE-2025-40194 bsc#1253445).
- Update
patches.suse/crypto-rng-Ensure-set_ent-is-always-present.patch
(git-fixes CVE-2025-40109 bsc#1253176).
- Update
patches.suse/drm-vmwgfx-Fix-Use-after-free-in-validation.patch
(git-fixes CVE-2025-40111 bsc#1253362).
- Update
patches.suse/drm-vmwgfx-Fix-a-null-ptr-access-in-the-cursor-snoop.patch
(git-fixes CVE-2025-40110 bsc#1253275).
- Update
patches.suse/ext4-avoid-potential-buffer-over-read-in-parse_apply.patch
(git-fixes CVE-2025-40198 bsc#1253453).
- Update
patches.suse/hwrng-ks-sa-fix-division-by-zero-in-ks_sa_rng_init.patch
(git-fixes CVE-2025-40127 bsc#1253369).
- Update
patches.suse/mailbox-zynqmp-ipi-Fix-out-of-bounds-access-in-mailb.patch
(git-fixes CVE-2025-40180 bsc#1253440).
- Update
patches.suse/media-v4l2-subdev-Fix-alloc-failure-check-in-v4l2_su.patch
(git-fixes CVE-2025-40207 bsc#1253395).
- Update
patches.suse/net-usb-Remove-disruptive-netif_wake_queue-in-rtl815.patch
(git-fixes CVE-2025-40140 bsc#1253349).
- Update
patches.suse/net-usb-asix-hold-PM-usage-ref-to-avoid-PM-MDIO-RTNL.patch
(git-fixes CVE-2025-40120 bsc#1253360).
- Update
patches.suse/nvmet-fc-move-lsop-put-work-to-nvmet_fc_ls_req_op.patch
(bsc#1245193 bsc#1247500 CVE-2025-40171 bsc#1253412).
- Update
patches.suse/pwm-berlin-Fix-wrong-register-in-suspend-resume.patch
(git-fixes CVE-2025-40188 bsc#1253449).
- Update
patches.suse/scsi-mpt3sas-Fix-crash-in-transport-port-remove-by-using-i.patch
(git-fixes CVE-2025-40115 bsc#1253318).
- Update
patches.suse/scsi-pm80xx-Fix-array-index-out-of-of-bounds-on-rmmod.patch
(git-fixes CVE-2025-40118 bsc#1253363).
- Update
patches.suse/sunrpc-fix-null-pointer-dereference-on-zero-length-checksum.patch
(git-fixes CVE-2025-40129 bsc#1253472).
- Update
patches.suse/tcp-Don-t-call-reqsk_fastopen_remove-in-tcp_conn_request.patch
(git-fixes CVE-2025-40186 bsc#1253438).
- Update
patches.suse/usb-host-max3421-hcd-Fix-error-pointer-dereference-i.patch
(git-fixes CVE-2025-40116 bsc#1253324).
- Update
patches.suse/usbnet-Fix-using-smp_processor_id-in-preemptible-cod.patch
(git-fixes CVE-2025-40164 bsc#1253407).
- commit d8d3cd1
- Fix "drm/xe: Don't allow evicting of BOs in same VM in array of VM binds" (bsc#1252923)
Fix the following compiler warning:
* no semicolon at end of struct or union in ../drivers/gpu/drm/xe/xe_vm_types.h
In file included from ../drivers/gpu/drm/xe/xe_bb.c:16:0:
../drivers/gpu/drm/xe/xe_vm_types.h:393:1: warning: no semicolon at end of struct or union
- commit 38ee821
- drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923 CVE-2025-40086)
- commit aa2fe0b
- selftests: net: lib: Do not overwrite error messages
(bsc#1254235).
- selftests: net: lib: fix shift count out of range (bsc#1254235).
- selftests: net: lib: Move logging from forwarding/lib.sh here
(bsc#1254235).
- selftests: net: add helper for checking if nettest is available
(bsc#1254235).
- selftests: net: lib: kill PIDs before del netns (bsc#1254235).
- selftests: lib: tc_rule_stats_get(): Move default to argument
definition (bsc#1254235).
- selftests: net: lib: remove 'ns' var in setup_ns (bsc#1254235).
- selftests: net: lib: do not set ns var as readonly
(bsc#1254235).
- selftests: net: lib: remove ns from list after clean-up
(bsc#1254235).
- selftests: net: lib: ignore possible errors (bsc#1254235).
- selftests: net: lib: set 'i' as local (bsc#1254235).
- selftests: net: lib: avoid error removing empty netns name
(bsc#1254235).
- selftests: net: lib: support errexit with busywait
(bsc#1254235).
- selftests/net: use tc rule to filter the na packet
(bsc#1254235).
- selftests/net/lib: no need to record ns name if it already exist
(bsc#1254235).
- selftests: net: Unify code of busywait() and slowwait()
(bsc#1254235).
- selftests: forwarding: Add a test for testing lib.sh
functionality (bsc#1254235).
- selftests: forwarding: Support for performance sensitive tests
(bsc#1254235).
- selftests: forwarding: Convert log_test() to recognize RET
values (bsc#1254235).
- selftests: forwarding: Have RET track kselftest framework
constants (bsc#1254235).
- selftests: lib: Define more kselftest exit codes (bsc#1254235).
- selftests: forwarding: Change inappropriate log_test_skip()
calls (bsc#1254235).
- selftests: forwarding.config.sample: Move overrides to lib.sh
(bsc#1254235).
- selftests: net: libs: Change variable fallback syntax
(bsc#1254235).
- selftests: forwarding: Parametrize mausezahn delay
(bsc#1254235).
- selftests/net/forwarding: add slowwait functions (bsc#1254235).
- selftests: forwarding: Remove duplicated lib.sh content
(bsc#1254235).
- selftests: forwarding: Redefine relative_path variable
(bsc#1254235).
- selftests: net: List helper scripts in TEST_FILES Makefile
variable (bsc#1254235).
- selftests/net/lib: update busywait timeout value (bsc#1254235).
- selftests: forwarding: Avoid failures to source net/lib.sh
(bsc#1254235).
- selftests/net: add variable NS_LIST for lib.sh (bsc#1254235).
- selftests/net: add lib.sh (bsc#1254235).
- commit 3a99ca1
- cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449).
- commit caf12ec
- ipv4: start using dst_dev_rcu() (CVE-2025-40074 bsc#1252794).
- commit d58640c
- kabi: hide dst_entry::dev_rcu (CVE-2025-40074 bsc#1252794).
- commit 7047515
- net: dst: introduce dst->dev_rcu (CVE-2025-40074 bsc#1252794).
- commit bc25dd4
- net: Add locking to protect skb->dev access in ip_output
(CVE-2025-40074 bsc#1252794).
- commit ba856a3
- ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40074
bsc#1252794).
- commit 74e34e6
- ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers
(CVE-2025-40074 bsc#1252794).
- commit bef51be
- ipv6: adopt dst_dev() helper (CVE-2025-40074 bsc#1252794).
- refresh patches.suse/net-ip6_tunnel-Prevent-perpetual-tunnel-growth.patch
- commit 7eda2f1
- ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
(CVE-2025-40074 bsc#1252794).
- commit 172fe2b
- net: dst: add four helpers to annotate data-races around
dst->dev (CVE-2025-40074 bsc#1252794).
- commit d644653
- net: dst: annotate data-races around dst->output (CVE-2025-40074
bsc#1252794).
- commit a54672b
- net: dst: annotate data-races around dst->input (CVE-2025-40074
bsc#1252794).
- commit ffc43da
- net: dst: annotate data-races around dst->lastuse
(CVE-2025-40074 bsc#1252794).
- commit 8826356
- net: dst: annotate data-races around dst->expires
(CVE-2025-40074 bsc#1252794).
- commit 2c55499
- net: dst: annotate data-races around dst->obsolete
(CVE-2025-40074 bsc#1252794).
- commit 2ab42e2
- net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev'
(CVE-2025-40074 bsc#1252794).
- commit 3c39f8c
- net: gro: convert four dev_net() calls (CVE-2025-40074
bsc#1252794).
- commit cf41694
- tcp: convert to dev_net_rcu() (CVE-2025-40074 bsc#1252794).
- commit 2fe0b75
- net: dst_cache: annotate data-races around dst_cache->reset_ts
(CVE-2025-40074 bsc#1252794).
- commit 5a73952
- nvme-auth: use hkdf_expand_label() (bsc#1247683).
- nvme-auth: add hkdf_expand_label() (bsc#1247683).
- commit a3877d8
- Refresh patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch
Fix the missing mutex unlock at the error path
- commit f1238c1
- rpm/kernel-obs-build.spec.in: Add xt_addrtype module for docker
Needed by docker meanwhile.
- commit 1cd2f7d
- selftests/run_kselftest.sh: Add `--skip` argument option
(bsc#1254221).
- commit 36b2ecb
- x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
- Refresh
patches.suse/x86-amd_nb-Add-new-PCI-IDs-for-AMD-family-1Ah-model-60h.patch.
- commit 5a88cd1
- ALSA: hda: Fix missing pointer check in
hda_component_manager_init function (git-fixes).
- commit 39c22db
- ALSA: hda: Fix missing pointer check in
hda_component_manager_init function (git-fixes).
- commit baaeacd
- wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD
(bsc#1254181).
- commit 2dedbe5
- drm/amdkfd: relax checks for over allocation of save area
(stable-fixes).
- drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12
VRAM surfaces (stable-fixes).
- drm/xe: Do clean shutdown also when using flr (git-fixes).
- drm/xe: Move declarations under conditional branch
(stable-fixes).
- drm/mediatek: Add pm_runtime support for GCE power control
(git-fixes).
- drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
(stable-fixes).
- drm/amdgpu: remove two invalid BUG_ON()s (stable-fixes).
- commit 3c3412c
- tools: lib: thermal: don't preserve owner in install
(stable-fixes).
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
(stable-fixes).
- usb: gadget: f_fs: Fix epfile null pointer access after ep
enable (stable-fixes).
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
(stable-fixes).
- usb: xhci: plat: Facilitate using autosuspend for xhci plat
devices (stable-fixes).
- usb: cdns3: gadget: Use-after-free during failed initialization
and exit of cdnsp gadget (stable-fixes).
- usb: gadget: f_hid: Fix zero length packet transfer
(stable-fixes).
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
(stable-fixes).
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
(stable-fixes).
- wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
- wifi: rtw88: sdio: use indirect IO for device registers before
power-on (stable-fixes).
- wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922
device (stable-fixes).
- wifi: mac80211: Fix HE capabilities element check
(stable-fixes).
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
(stable-fixes).
- commit 7dad19b
- tools: lib: thermal: use pkg-config to locate libnl3
(stable-fixes).
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf
register 0 (stable-fixes).
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge
(stable-fixes).
- soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups
(stable-fixes).
- soc: qcom: smem: Fix endian-unaware access of num_entries
(stable-fixes).
- soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
- pinctrl: single: fix bias pull up/down handling in
pin_config_set (stable-fixes).
- power: supply: qcom_battmgr: handle charging state change
notifications (stable-fixes).
- power: supply: sbs-charger: Support multiple devices
(stable-fixes).
- power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
- spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
- spi: loopback-test: Don't use %pK through printk (stable-fixes).
- commit 47c8f1c
- NFS4: Fix state renewals missing after boot (git-fixes).
- commit 1f41fdb
- NFS: check if suid/sgid was cleared after a write as needed
(git-fixes).
- commit 6f2e3ba
- nfs4_setup_readdir(): insufficient locking for
- >d_parent->d_inode dereferencing (git-fixes).
- commit cbc0708
- PCI: cadence: Check for the existence of cdns_pcie::ops before
using it (stable-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw
spinlock (git-fixes).
- PCI: dwc: Verify the single eDMA IRQ in
dw_pcie_edma_irq_verify() (stable-fixes).
- PCI/PM: Skip resuming to D0 if device is disconnected
(stable-fixes).
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
(stable-fixes).
- PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy
(stable-fixes).
- phy: renesas: r8a779f0-ether-serdes: add new step added to
latest datasheet (stable-fixes).
- net: phy: clear link parameters on admin link down
(stable-fixes).
- net: phy: marvell: Fix 88e1510 downshift counter errata
(stable-fixes).
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
(stable-fixes).
- net: phy: fixed_phy: let fixed_phy_unregister free the
phy_device (stable-fixes).
- media: redrat3: use int type to store negative error codes
(stable-fixes).
- media: ov08x40: Fix the horizontal flip control (stable-fixes).
- media: i2c: og01a1b: Specify monochrome media bus format
instead of Bayer (stable-fixes).
- media: adv7180: Only validate format in querystd (stable-fixes).
- media: adv7180: Do not write format to device in set_fmt
(stable-fixes).
- media: adv7180: Add missing lock in suspend callback
(stable-fixes).
- media: fix uninitialized symbol warnings (stable-fixes).
- media: imon: make send_packet() more robust (stable-fixes).
- media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for
VIDEO_CAMERA_SENSOR (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release()
(stable-fixes).
- mfd: madera: Work around false-positive -Wininitialized warning
(stable-fixes).
- mfd: da9063: Split chip variant reading in two bus transactions
(stable-fixes).
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
- mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
(stable-fixes).
- memstick: Add timeout to prevent indefinite waiting
(stable-fixes).
- mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
- commit 8c57bbb
- NFSv4.1: fix mount hang after CREATE_SESSION failure
(git-fixes).
- commit c832cc2
- NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
- commit aaacda9
- ima: don't clear IMA_DIGSIG flag when setting or removing
non-IMA xattr (stable-fixes).
- iio: adc: imx93_adc: load calibrated values even calibration
failed (stable-fixes).
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg
sample before setting register (stable-fixes).
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040
(stable-fixes).
- hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
(stable-fixes).
- hwmon: sy7636a: add alias (stable-fixes).
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support
(stable-fixes).
- hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
- hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based
models (stable-fixes).
- commit f501af0
- jfs: fix uninitialized waitqueue in transaction manager
(git-fixes).
- commit 0b36ea1
- jfs: Verify inode mode when loading from disk (git-fixes).
- commit 475a90c
- extcon: adc-jack: Cleanup wakeup source only if it was enabled
(git-fixes).
- commit 5b8d1e6
- drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
- commit d98de00
- drm/amd/display: ensure committing streams is seamless
(stable-fixes).
- commit 0def0fa
- exfat: limit log print for IO error (git-fixes).
- commit 1fa4a3d
- drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
- fbcon: Set fb_display[i]->mode to NULL when the mode is released
(stable-fixes).
- fbdev: bitblit: bound-check glyph index in bit_putcs*
(stable-fixes).
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
(stable-fixes).
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
(stable-fixes).
- drm/amdgpu: Fix NULL pointer dereference in VRAM logic for
APU devices (stable-fixes).
- drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
(stable-fixes).
- fbdev: Add bounds checking in bit_putcs to fix
vmalloc-out-of-bounds (stable-fixes).
- extcon: adc-jack: Fix wakeup source leaks on device unbind
(stable-fixes).
- char: misc: Does not request module for miscdevice with dynamic
minor (stable-fixes).
- char: misc: Make misc_register() reentry for miscdevice who
wants dynamic minor (stable-fixes).
- drm/amd/display: Add AVI infoframe copy in
copy_stream_update_to_stream (stable-fixes).
- drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
- drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (stable-fixes).
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
(stable-fixes).
- drm/msm: make sure to not queue up recovery more than once
(stable-fixes).
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
(stable-fixes).
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
(stable-fixes).
- drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
- drm/amdgpu: add support for cyan skillfish gpu_info
(stable-fixes).
- drm/amd: add more cyan skillfish PCI ids (stable-fixes).
- drm/amdgpu: Allow kfd CRIU with no buffer objects
(stable-fixes).
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
(stable-fixes).
- drm/amdkfd: fix vram allocation failure for a special case
(stable-fixes).
- drm/amdkfd: Handle lack of READ permissions in SVM mapping
(stable-fixes).
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
(stable-fixes).
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
(stable-fixes).
- drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
- drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table
(stable-fixes).
- drm/amd/display: add more cyan skillfish devices (stable-fixes).
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration
(stable-fixes).
- drm/bridge: display-connector: don't set OP_DETECT for
DisplayPorts (stable-fixes).
- drm/tidss: Set crtc modesetting parameters with adjusted mode
(stable-fixes).
- drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST
(stable-fixes).
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
- drm/tidss: Use the crtc_* timings when programming the HW
(stable-fixes).
- commit 304e918
- tcp: correct handling of extreme memory squeeze (bsc#1253779
CVE-2025-21710 bsc#1237888).
- commit bba09b0
- net: tcp: send zero-window ACK when no memory (bsc#1253779).
- commit f54e913
- ACPI: property: Return present device nodes only on fwnode
interface (stable-fixes).
- commit 7bfc861
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
(stable-fixes).
- commit d4e809a
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids
(stable-fixes).
- commit cea477f
- ACPICA: Update dsmethod.c to get rid of unused variable warning
(stable-fixes).
- commit 47d058d
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in
acpi_ds_call_control_method() (stable-fixes).
- commit a383be8
- tools/cpupower: Fix incorrect size in cpuidle_state_disable()
(stable-fixes).
- commit 2d1aa96
- tools/cpupower: fix error return value in cpupower_write_sysfs()
(stable-fixes).
- commit c9d6e6c
- tools/power x86_energy_perf_policy: Prefer driver HWP limits
(stable-fixes).
- commit e772bc7
- tools/power x86_energy_perf_policy: Enhance HWP enable
(stable-fixes).
- commit 1133dff
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode
usage (stable-fixes).
- commit 23d6e42
- Update
patches.suse/net-smc-Remove-validation-of-reserved-bits-in-CLC-Decline-.patch
(bsc#1252353).
- commit d9fe289
- crypto: aspeed - fix double free caused by devm (git-fixes).
- dmaengine: dw-edma: Set status for callback_result
(stable-fixes).
- dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
- crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof()
(stable-fixes).
- drm/nouveau: replace snprintf() with scnprintf() in
nvkm_snprintbf() (stable-fixes).
- char: misc: restrict the dynamic range to exclude reserved
minors (stable-fixes).
- crypto: aspeed-acry - Convert to platform remove callback
returning void (stable-fixes).
- commit 89d05dd
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
(stable-fixes).
- ALSA: usb-audio: don't log messages meant for 1810c when
initializing 1824c (git-fixes).
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
(stable-fixes).
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
(stable-fixes).
- Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
- Bluetooth: bcsp: receive data only if registered (stable-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting
HCI frames (stable-fixes).
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
(stable-fixes).
- accel/habanalabs/gaudi2: read preboot status after recovering
from dirty state (stable-fixes).
- accel/habanalabs: support mapping cb with vmalloc-backed
coherent memory (stable-fixes).
- accel/habanalabs/gaudi2: fix BMON disable configuration
(stable-fixes).
- accel/habanalabs: return ENOMEM if less than requested pages
were pinned (stable-fixes).
- ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007
(stable-fixes).
- ASoC: stm32: sai: manage context in set_sysclk callback
(stable-fixes).
- ALSA: usb-audio: add mono main switch to Presonus S1824c
(stable-fixes).
- ASoC: qcom: sc8280xp: explicitly set S16LE format in
sc8280xp_be_hw_params_fixup() (stable-fixes).
- ALSA: serial-generic: remove shared static buffer
(stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
(stable-fixes).
- commit d6deb82
- kernel-binary: Only skip brp-strip when debuginfo is enabled
Fixes: 4fc8f912b4f2 ("kernel-binary: Do not change debuginfo config during build")
- commit cd9963e
- octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (CVE-2025-39944 bsc#1251120)
- commit f5c6371
- ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (CVE-2025-39859 bsc#1250252)
- commit b475528
- x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
- commit 879f123
- x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
- commit 3042143
- net: macb: fix unregister_netdev call order in macb_remove() (CVE-2025-39805 bsc#1249982)
- commit 8a9576d
- x86/bugs: Report correct retbleed mitigation status (git-fixes).
- commit 11da480
- x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
- commit 265ca5a
- x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
- commit 0a4b156
- net/ip6_tunnel: Prevent perpetual tunnel growth (CVE-2025-40173
bsc#1253421).
- commit 2d9c02f
- ixgbe: fix memory leak and use-after-free in
ixgbe_recovery_probe() (git-fixes).
- ice: ice_adapter: release xa entry on adapter allocation failure
(CVE-2025-40185 bsc#1253394).
- commit b73b20b
- net/smc: Remove validation of reserved bits in CLC Decline
message (bsc#1253779).
- commit 6b0f67d
- kernel-binary: Support building gendwarfksyms on SLE/Leap 15
- commit 940a186
- cramfs: Verify inode mode when loading from disk (git-fixes).
- commit 593324b
- minixfs: Verify inode mode when loading from disk (git-fixes).
- commit a428067
- hyperv: Remove the spurious null directive line (git-fixes).
- tools/hv: fcopy: Fix incorrect file path conversion (git-fixes).
- commit 357812a
- Add missing bugzilla reference to net fix (bsc#1250237 CVE-2025-40206 bsc#1253393)
- commit 9ef65cb
- Input: imx_sc_key - fix memory corruption on unload (git-fixes).
- Input: pegasus-notetaker - fix potential out-of-bounds access
(git-fixes).
- Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
- commit a07d058
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
(CVE-2025-40001 bsc#1252303).
- commit 2c846dd
- Disable CONFIG_CPU5_WDT
The cpu5wdt driver doesn't implement a proper watchdog interface and
has many code issues. It only handles obscure and obsolete hardware.
Stop building and supporting this driver (jsc#PED-14062).
- commit 5170874
- ata: libata-scsi: Add missing scsi_device_put() in
ata_scsi_dev_rescan() (git-fixes).
- drm/xe: Remove duplicate DRM_EXEC selection from Kconfig
(git-fixes).
- commit 90072fe
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc()
(git-fixes).
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
(git-fixes).
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
(git-fixes).
- Revert "drm/tegra: dsi: Clear enable register if powered by
bootloader" (git-fixes).
- drm/tegra: Add call to put_pid() (git-fixes).
- drm/tegra: dc: Fix reference leak in tegra_dc_couple()
(git-fixes).
- commit 401121e
- io_uring/kbuf: fix signedness in this_len calculation
(CVE-2025-39822 bsc#1250034).
- Refresh
patches.suse/io_uring-kbuf-always-use-READ_ONCE-to-read-ring-prov.patch.
- commit ae614f5
- io_uring/waitid: always prune wait queue entry in
io_waitid_wait() (CVE-2025-40047 bsc#1252790).
- commit daebc5e
- tls: wait for pending async decryptions if tls_strp_msg_hold
fails (CVE-2025-40176 bsc#1253425).
- commit 411c26e
- series.conf: reorder misplaced patches from kABI section
Fix misplaced patches in the kABI section by restoring correct order.
- commit f6506b9
- KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP
guests (git-fixes).
- commit 5a81a00
- KVM: x86: Have all vendor neutral sub-configs depend on KVM_X86,
not just KVM (git-fixes).
- commit 6f5118f
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return
codes to errnos (git-fixes).
- commit e814a2b
- vfs: Don't leak disconnected dentries on umount (CVE-2025-40105
bsc#1252928).
- commit 29d6b54
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is
updated (git-fixes).
- commit f6f6b8f
- KVM: VMX: Fix check for valid GVA on an EPT violation
(git-fixes).
- commit dab0856
- KVM: x86: Don't treat ENTER and LEAVE as branches, because
they aren't (git-fixes).
- commit 4d07448
- HID: uclogic: Fix potential memory leak in error path
(git-fixes).
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
(git-fixes).
- HID: amd_sfh: Stop sensor before starting (git-fixes).
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
(git-fixes).
- commit 98129db
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- uio_hv_generic: Let userspace take care of interrupt mask (git-fixes CVE-2025-40048 bsc#1252862).
- net/mana: fix warning in the writer of client oob (git-fixes).
- uio_hv_generic: Query the ringbuffer size for device (git-fixes).
- Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
- commit 0473d84
- xe/oa: Fix query mode of operation for OAR/OAC (git-fixes).
- commit 9858ecd
- sctp: Fix MAC comparison to be constant-time (CVE-2025-40204
bsc#1253436).
- commit 53f522f
- tracing: dynevent: Add a missing lockdown check on dynevent
(CVE-2025-40021 bsc#1252681).
- commit c113400
- Update
patches.suse/netfilter-nft_objref-validate-objref-and-objrefmap-e.patch
(bsc#1250237 CVE-2025-40206).
Inserted series, updated CVE reference and mainline
- commit 617e07d
- bpf: improve error message for unsupported helper (bsc#1252370).
- commit 8c4dd49
- bpf: Fix test verif_scale_strobemeta_subprogs failure due to
llvm19 (bsc#1252368).
- commit 0678471
- selftests/bpf: Close fd in error path in drop_on_reuseport
(git-fixes).
- commit 9eacaa7
- selftests/bpf: Close obj in error path in xdp_adjust_tail
(git-fixes).
- commit 32804dc
- selftests/bpf: Use pid_t consistently in test_progs.c
(git-fixes).
- commit 12adc35
- bpf: Reject negative offsets for ALU ops (CVE-2025-40169
bsc#1253416).
- commit 004bd79
- kernel-binary: Require libdw in Factory
Libdw is required for gendwarfksyms
- commit 0d3f66b
- drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6
sync off (git-fixes).
- commit 29efc4f
- x86/CPU/AMD: Add additional fixed RDSEED microcode revisions
(git-fixes).
- commit d1ea016
- x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode
(git-fixes).
- commit e0a8dc1
- drm/xe: Do not wake device during a GT reset (git-fixes).
- drm/exynos: exynos7_drm_decon: remove ctx->suspended
(git-fixes).
- drm/msm/a6xx: Fix PDC sleep sequence (git-fixes).
- commit 4d6c5ed
- drm/amdgpu: Fix function header names in amdgpu_connectors.c
(git-fixes).
- drm/xe/guc: Add more GuC load error status codes (stable-fixes).
- drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2)
(stable-fixes).
- drm/amdgpu: Fix unintended error log in VCN5_0_0 (git-fixes).
- commit 76d4e8d
- drm/amdgpu: Check vcn sram load return value (stable-fixes).
- commit 1e09cb2
- selftests/bpf: Remove sockmap_ktls disconnect_after_delete test
(bsc#1252365).
- commit 00ea4ac
- selftests/bpf: Remove tests for zeroed-array kptr (bsc#1252366).
- commit 5ccaff1
- mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference
(git-fixes).
- mtdchar: fix integer overflow in read/write ioctls (git-fixes).
- commit fd43643
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083 bsc#1252912).
- commit 517474e
- mm/secretmem: fix use-after-free race in fault handler
(git-fixes).
- commit 8bf2ad9
- mm/mm_init: fix hash table order logging in
alloc_large_system_hash() (git-fixes).
- commit fdeb2e0
- xsk: Harden userspace-supplied xdp_desc validation
(CVE-2025-40159 bsc#1253403).
- commit 7cd1a7d
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c
(git-fixes).
- commit f67cafa
- selftests/bpf: Fix missing UINT_MAX definitions in benchmarks
(git-fixes).
- commit 172ead3
- selftests/bpf: Fix missing BUILD_BUG_ON() declaration
(git-fixes).
- commit 67585df
- drm/amd/display: Allow VRR params change if unsynced with the
stream (git-fixes).
- acpi/hmat: Fix lockdep warning for hmem_register_resource()
(git-fixes).
- ASoC: tas2781: fix getting the wrong device number (git-fixes).
- commit e190af7
- drm/vmwgfx: Validate command header size against
SVGA_CMD_MAX_DATASIZE (git-fixes).
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
(git-fixes).
- acpi,srat: Fix incorrect device handle check for Generic
Initiator (git-fixes).
- spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
- regulator: fixed: fix GPIO descriptor leak on register failure
(git-fixes).
- ASoC: codecs: va-macro: fix resource leak in probe error path
(git-fixes).
- ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
- ALSA: usb-audio: Fix NULL pointer dereference in
snd_usb_mixer_controls_badd (git-fixes).
- crypto: hisilicon/qm - Fix device reference leak in
qm_get_qos_value (git-fixes).
- commit c9e8681
- s390/mm: Fix in_atomic() handling in do_secure_storage_access()
(git-fixes CVE-2025-38359 bsc#1247076).
- s390/mm,fault: simplify kfence fault handling (bsc#1247076).
- commit 5eab67b
- selftests/bpf: Check for timeout in perf_link test
(bsc#1253648).
- commit b16f831
- kernel-binary: Do not change debuginfo config during build
Historically when debuginfo build was disabled in OBS kernel was
configured to not generate the debuginfo at all saving space during
build and making the build faster.
More and more kernel features depend on debuginfo, and disabling it
changes the kernel significantly disabling functionality that is
otherwise available and causing ABI breakage.
Recently genksyms was rewritten as gendwarfksyms to support more
features but requires debuginfo to operate. With that kernel builds
without deuginfo are not very useful anymore. Even if rpm eventually
trashes the debuginfo it needs to be always generated.
- commit 4fc8f91
- Bluetooth: L2CAP: export l2cap_chan_hold for modules
(stable-fixes).
- commit 0d1ed96
- drm/amd/display: Reject modes with too high pixel clock on
DCE6-10 (git-fixes).
- commit d1c050e
- drm/amdgpu/smu: Handle S0ix for vangogh (stable-fixes).
- drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
- drm/sched: avoid killing parent entity on child SIGKILL
(stable-fixes).
- drm/amd/display: Fix incorrect return of vblank enable on
unconfigured crtc (stable-fixes).
- drm/amd: Check that VPE has reached DPM0 in idle handler
(stable-fixes).
- fbcon: Set fb_display[i]->mode to NULL when the mode is released
(stable-fixes).
- fbdev: bitblit: bound-check glyph index in bit_putcs*
(stable-fixes).
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
(stable-fixes).
- wifi: mac80211: fix key tailroom accounting leak (git-fixes).
- fbdev: Add bounds checking in bit_putcs to fix
vmalloc-out-of-bounds (stable-fixes).
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
(stable-fixes).
- wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
- wifi: rtw89: print just once for unknown C2H events
(stable-fixes).
- wifi: rtw88: sdio: use indirect IO for device registers before
power-on (stable-fixes).
- wifi: mac80211: Track NAN interface start/stop (stable-fixes).
- wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv
error (stable-fixes).
- wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922
device (stable-fixes).
- wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list (stable-fixes).
- wifi: mac80211: Fix HE capabilities element check
(stable-fixes).
- wifi: mac80211: Fix 6 GHz Band capabilities element
advertisement in lower bands (stable-fixes).
- drm/amd/display: change dc stream color settings only in atomic
commit (stable-fixes).
- drm/amd/display: update color on atomic commit time
(stable-fixes).
- drm/amd/display: Fix for test crash due to power gating
(stable-fixes).
- drm/amd/display: Init dispclk from bootup clock for DCN314
(stable-fixes).
- drm/amd/display: Add AVI infoframe copy in
copy_stream_update_to_stream (stable-fixes).
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (stable-fixes).
- drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
- drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
- drm/amd/display/dml2: Guard
dml21_map_dc_state_into_dml_display_cfg with DC_FP_START
(stable-fixes).
- drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
- drm/amd/display: Add fallback path for YCBCR422 (stable-fixes).
- drm/amd/display: Set up pixel encoding for YCBCR422
(stable-fixes).
- drm/amd/display: fix dml ms order of operations (stable-fixes).
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
(stable-fixes).
- drm/xe/guc: Return an error code if the GuC load fails
(stable-fixes).
- drm/xe/guc: Set upper limit of H2G retries over CTB
(stable-fixes).
- drm/xe/guc: Increase GuC crash dump buffer size (stable-fixes).
- drm/msm/registers: Generate _HI/LO builders for reg64
(stable-fixes).
- drm/msm: make sure to not queue up recovery more than once
(stable-fixes).
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
(stable-fixes).
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
(stable-fixes).
- drm/amd/display: Fix pbn_div Calculation Error (stable-fixes).
- drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
- drm/amdgpu: add support for cyan skillfish gpu_info
(stable-fixes).
- drm/amd: add more cyan skillfish PCI ids (stable-fixes).
- drm/amdgpu: Allow kfd CRIU with no buffer objects
(stable-fixes).
- drm: panel-backlight-quirks: Make EDID match optional
(stable-fixes).
- drm/panthor: check bo offset alignment in vm bind
(stable-fixes).
- drm/xe: Fix oops in xe_gem_fault when running core_hotunplug
test (stable-fixes).
- drm/amd/display: incorrect conditions for failing dto
calculations (stable-fixes).
- drm/amd/display: Increase minimum clock for TMDS 420 with pipe
splitting (stable-fixes).
- drm/amd/display: Support HW cursor 180 rot for any number of
pipe splits (stable-fixes).
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
(stable-fixes).
- drm/amdkfd: fix vram allocation failure for a special case
(stable-fixes).
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
(stable-fixes).
- wifi: mac80211: don't mark keys for inactive links as uploaded
(stable-fixes).
- commit 6587ad7
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
(stable-fixes).
- drm/amdgpu: Correct the counts of nr_banks and nr_errors
(stable-fixes).
- drm/amdkfd: Handle lack of READ permissions in SVM mapping
(stable-fixes).
- drm/amdgpu: fix nullptr err of vm_handle_moved (stable-fixes).
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
(stable-fixes).
- drm/amd/display: Reset apply_eamless_boot_optimization when
dpms_off (stable-fixes).
- drm/amd/display: Wait until OTG enable state is cleared
(stable-fixes).
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
(stable-fixes).
- drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
- drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table
(stable-fixes).
- drm/amdgpu: Skip poison aca bank from UE channel (stable-fixes).
- drm/amd/display: add more cyan skillfish devices (stable-fixes).
- drm/amd/amdgpu: Release xcp drm memory after unplug
(stable-fixes).
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration
(stable-fixes).
- drm/amd/display: Move setup_stream_attribute (stable-fixes).
- drm/amdgpu: add range check for RAS bad page address
(stable-fixes).
- drm/amd/display: ensure committing streams is seamless
(stable-fixes).
- drm/amd/display: fix condition for setting timing_adjust_pending
(stable-fixes).
- drm/bridge: display-connector: don't set OP_DETECT for
DisplayPorts (stable-fixes).
- drm/panthor: Serialize GPU cache flush operations
(stable-fixes).
- drm/tidss: Set crtc modesetting parameters with adjusted mode
(stable-fixes).
- drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST
(stable-fixes).
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
- drm/tidss: Use the crtc_* timings when programming the HW
(stable-fixes).
- drm/nouveau: replace snprintf() with scnprintf() in
nvkm_snprintbf() (stable-fixes).
- drm/sched: Optimise drm_sched_entity_push_job (stable-fixes).
- commit 3f9116e
- ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
(git-fixes).
- ACPI: CPPC: Perform fast check switch only for online CPUs
(git-fixes).
- ACPI: CPPC: Check _CPC validity for only the online CPUs
(git-fixes).
- wifi: mwl8k: inject DSSS Parameter Set element into beacons
if missing (git-fixes).
- wifi: mac80211: skip rate verification for not captured PSDUs
(git-fixes).
- wifi: ath11k: zero init info->status in
wmi_process_mgmt_tx_comp() (git-fixes).
- wifi: mac80211: reject address change while connecting
(git-fixes).
- Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
(git-fixes).
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type
confusion (git-fixes).
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
(git-fixes).
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid
UAF (git-fixes).
- Bluetooth: MGMT: cancel mesh send timer when hdev removed
(git-fixes).
- strparser: Fix signed/unsigned mismatch bug (git-fixes).
- commit 22e4e84
- bpf: make sure skb->len != 0 when redirecting to a tunneling device (CVE-2022-50253 bsc#1249912)
- commit 9d76bea
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (CVE-2025-39788 bsc#1249547)
- commit 8ecb142
- drm/amd/display: Check dce_hwseq before dereferencing it (CVE-2025-38361 bsc#1247079)
- commit c29726d
- NFSD: Skip close replay processing if XDR encoding fails
(git-fixes).
- commit a56f52a
- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails
(git-fixes).
- commit bd549b4
- NFSD: free copynotify stateid in nfs4_free_ol_stateid()
(git-fixes).
- commit e5427cd
- perf script: add --addr2line option (bsc#1247509).
- commit b555487
- scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786 CVE-2023-53676).
- commit 9f54767
- crypto: iaa - Do not clobber req->base.data (git-fixes).
- commit 5feccb5
- btrfs: scrub: put bio after errors in
scrub_raid56_parity_stripe() (git-fixes).
- commit 065dd63
- btrfs: do not update last_log_commit when logging inode due
to a new name (git-fixes).
- commit c42dda1
- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2
(git-fixes).
- commit e04111e
- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from
SEV-ES guest (git-fixes).
- commit 3065bbf
- KVM: x86: Add helper to retrieve current value of user return
MSR (git-fixes).
- commit c3e167a
- KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while
running the guest (git-fixes).
- commit 3f8cc18
- btrfs: tree-checker: fix the wrong output of data backref
objectid (git-fix).
- commit b216859
- btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
- commit 1ee428c
- btrfs: avoid page_lockend underflow in
btrfs_punch_hole_lock_range() (git-fix).
- commit 0febf2a
- btrfs: run btrfs_error_commit_super() early (git-fix).
- commit 8643309
- btrfs: tree-checker: add dev extent item checks (git-fix).
- commit 48bfe9b
- btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
- commit 4308950
- btrfs: avoid using fixed char array size for tree names
(git-fix).
- commit f141f17
- btrfs: tree-checker: validate dref root and objectid (git-fix).
- commit 3243d37
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
(git-fix).
- commit 36065ed
- btrfs: qgroup: correctly model root qgroup rsv in convert
(git-fix).
- commit 9e4469e
- btrfs: tree-checker: add type and sequence check for inline
backrefs (git-fix).
- commit d1d2092
- btrfs: scrub: put bio after errors in
scrub_raid56_parity_stripe() (git-fix).
- commit ee165a1
- Alt-commit updates
- Refresh
patches.suse/drm-amd-display-Fix-brightness-level-not-retained-ov.patch.
- Refresh
patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch.
- Refresh
patches.suse/drm-i915-dsi-Use-TRANS_DDI_FUNC_CTL-s-own-port-width.patch.
- Refresh
patches.suse/drm-panel-simple-Update-timings-for-AUO-G101EVN010.patch.
- Refresh
patches.suse/drm-sched-Add-locking-to-drm_sched_entity_modify_sch.patch.
- commit 1d2b5d5
- KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter
APIs (git-fixes).
- commit f324b7a
- KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
(git-fixes).
- commit 8b3994e
- btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging
new name (git-fixes).
- commit c373962
- btrfs: simplify error handling logic for btrfs_link()
(git-fixes).
- commit 5e3a1fc
- btrfs: fix inode leak on failure to add link to inode
(git-fixes).
- commit 5155c3a
- btrfs: abort transaction on failure to add link to inode
(git-fixes).
- commit 91c4075
- btrfs: rename err to ret in btrfs_link() (git-fixes).
- commit 4d5a044
- btrfs: send: fix duplicated rmdir operations when using extrefs
(git-fixes).
- commit 2c08529
- KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is
supported (git-fixes).
- commit e5606a4
- KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN
flag (git-fixes).
- commit 885b7d6
- KVM: x86: Convert vcpu_run()'s immediate exit param into a
generic bitmap (git-fixes).
- commit 31c591b
- Alt-commit updates
- Refresh
patches.suse/drm-amd-display-Default-IPS-to-RCG_IN_ACTIVE_IPS2_IN.patch.
- Refresh
patches.suse/drm-amd-display-Reduce-accessing-remote-DPCD-overhea.patch.
- Refresh
patches.suse/drm-amdgpu-Fix-Circular-Locking-Dependency-in-AMDGPU.patch.
- Refresh
patches.suse/drm-amdgpu-discovery-fix-fw-based-ip-discovery.patch.
- Refresh
patches.suse/drm-xe-Allow-dropping-kunit-dependency-as-built-in.patch.
- Refresh
patches.suse/drm-xe-Carve-out-wopcm-portion-from-the-stolen-memor.patch.
- Refresh
patches.suse/drm-xe-Ensure-fixed_slice_mode-gets-set-after-ccs_mo.patch.
- Refresh
patches.suse/drm-xe-Fix-and-re-enable-xe_print_blob_ascii85.patch.
- Refresh
patches.suse/drm-xe-Move-page-fault-init-after-topology-init.patch.
- Refresh patches.suse/drm-xe-bmg-Update-Wa_22019338487.patch.
- Refresh
patches.suse/drm-xe-gsc-do-not-flush-the-GSC-worker-from-the-rese.patch.
- Refresh
patches.suse/drm-xe-guc_submit-fix-race-around-pending_disable.patch.
- commit 91d503b
- Delete
patches.kabi/KVM-x86-Snapshot-the-host-s-DEBUGCTL-in-common-x86.patch.
Now that kabi/severities is amended to ignore
xfer_to_guest_mode_handle_work(), drop the unneeded kABI workaround.
- commit 770d961
- btrfs: mark dirty extent range for out of bound prealloc extents
(git-fixes).
- commit d11dc7c
- btrfs: use smp_mb__after_atomic() when forcing COW in
create_pending_snapshot() (git-fixes).
- commit 0e43958
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
- commit add9d74
- kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if
KVM maps MMIO into the guest (git-fixes) (git-fixes).
- commit f87a69e
- pds_core: remove write-after-free of client_id (CVE-2025-37916 bsc#1243474)
- commit 40805a0
- coresight: Fix incorrect handling for return value of devm_kzalloc (CVE-2025-40059 bsc#1252809)
- commit f7e7b0e
- ocfs2: fix double free in user_cluster_connect() (CVE-2025-40055 bsc#1252821)
- commit 9897d8a
- pinctrl: check the return value of
pinmux_ops::get_function_name() (CVE-2025-40030 bsc#1252773).
- commit 060cddf
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO
into the guest (git-fixes).
- commit 0b2e0e5
- pps: fix warning in pps_register_cdev when register device fail
(CVE-2025-40070 bsc#1252836).
- commit 98a58ce
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when
making a SPTE (git-fixes).
- commit 17da1dd
- ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_get_acpi_mute_state() (CVE-2025-40098 bsc#1252917).
- commit 8b9eeeb
- drm/xe/guc: Synchronize Dead CT worker with unbind (git-fixes).
- drm/mediatek: Disable AFBC support on Mediatek DRM driver
(git-fixes).
- drm/amd/display: Enable mst when it's detected but yet to be
initialized (git-fixes).
- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
(git-fixes).
- media: videobuf2: forbid remove_bufs when legacy fileio is
active (git-fixes).
- commit f464849
- rtc: rx8025: fix incorrect register reference (git-fixes).
- drm/amd: Fix suspend failure with secure display TA (git-fixes).
- drm/amd/display: Fix NULL deref in debugfs odm_combine_segments
(git-fixes).
- drm/i915: Fix conversion between clock ticks and nanoseconds
(git-fixes).
- drm/i915: Avoid lock inversion when pinning to GGTT on
CHV/BXT+VTD (git-fixes).
- drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
(git-fixes).
- Documentation: ACPI: i2c-muxes: fix I2C device references
(git-fixes).
- ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround
for GCC (git-fixes).
- wifi: mac80211_hwsim: Limit destroy_on_close radio removal to
netgroup (git-fixes).
- net: usb: qmi_wwan: initialize MAC header offset in
qmimux_rx_fixup (git-fixes).
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
(git-fixes).
- Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2()
(git-fixes).
- Bluetooth: hci_event: validate skb length for unknown CC opcode
(git-fixes).
- wifi: zd1211rw: fix potential memory leak in
__zd_usb_enable_rx() (git-fixes).
- Revert "wifi: ath10k: avoid unnecessary wait for service ready
message" (git-fixes).
- media: uvcvideo: Use heuristic to find stream entity
(git-fixes).
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races
with stall event (git-fixes).
- xhci: dbc: Avoid event polling busyloop if pending rx transfers
are inactive (git-fixes).
- xhci: dbc: Improve performance by removing delay in transfer
event polling (stable-fixes).
- xhci: dbc: Allow users to modify DbC poll interval via sysfs
(stable-fixes).
- xhci: dbc: poll at different rate depending on data transfer
activity (stable-fixes).
- commit 6309683
- x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
- Refresh patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch.
- Refresh patches.suse/x86-CPU-AMD-Clear-virtualized-VMLOAD-VMSAVE-on-Zen4-client.
- commit d7ef23e
- x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
- commit 85fd0b8
- fs/smb: Fix inconsistent refcnt update (bsc#1250176,
CVE-2025-39819).
- commit 966a58e
- kabi/severities: drop xfer_to_guest_mode_handle_work
This is part of KVM, and it is already ignored in SL-16.0. The function
only takes a pointer to a KVM struct and feeds it back to the KVM
subsystem.
- commit d47ad64
- net/9p: fix double req put in p9_fd_cancelled (CVE-2025-40027
bsc#1252763).
- commit bff03bd
- KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't
valid (CVE-2025-40038 bsc#1252817).
- commit d00fe85
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails
to allocate psock->cork (bsc#1250705).
- commit fd68ed6
- scsi: libfc: Prevent integer overflow in fc_fcp_recv_data()
(git-fixes).
- scsi: mpt3sas: Fix crash in transport port remove by using
ioc_info() (git-fixes).
- scsi: hpsa: Fix potential memory leak in
hpsa_big_passthru_ioctl() (git-fixes).
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
(git-fixes).
- md: fix mssing blktrace bio split events (git-fixes).
- md/raid1: fix data lost for writemostly rdev (git-fixes).
- scsi: core: sysfs: Correct sysfs attributes access rights
(git-fixes).
- block: fix kobject double initialization in add_disk
(git-fixes).
- block: avoid possible overflow for chunk_sectors check in
blk_stack_limits() (git-fixes).
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel
scans (git-fixes).
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
- commit 59aa14f
- nexthop: Forbid FDB status change while nexthop is in a group
(CVE-2025-39980 bsc#1252063).
- commit 44a7e79
- mm/ksm: fix flag-dropping behavior in ksm_madvise
(CVE-2025-40040 bsc#1252780).
- commit ff8401e
- serial: 8250_mtk: Enable baud clock and manage in runtime PM
(git-fixes).
- serial: 8250_exar: add support for Advantech 2 port card with
Device ID 0x0018 (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode
(git-fixes).
- commit c2ea229
- media: atomisp: Prefix firmware paths with "intel/ipu/"
(bsc#1252973).
- media: atomisp: Remove firmware_name module parameter
(bsc#1252973).
- commit 903670f
- selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
- commit 0165696
- selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete
failure (git-fixes).
- commit 2116607
- selftests/bpf: fix signedness bug in redir_partial()
(git-fixes).
- commit b261c17
- nbd: restrict sockets to TCP and UDP (bsc#1252774
CVE-2025-40080).
- commit a7c3e39
- cpuset: Use new excpus for nocpu error check when enabling
root partition (bsc#1241166).
- cgroup/cpuset: Remove remote_partition_check() & make
update_cpumasks_hier() handle remote partition (bsc#1241166).
- commit ebb5700
- cpuset: fix failure to enable isolated partition when containing
isolcpus (bsc#1241166).
- commit 1cf8aac
- KVM: SVM: Delete IRTE link from previous vCPU irrespective of
new routing (git-fixes).
- commit 3f53773
- KVM: SVM: Delete IRTE link from previous vCPU before setting
new IRTE (git-fixes).
- commit 3a81245
- KVM: SVM: WARN if an invalid posted interrupt IRTE entry is
added (git-fixes).
- commit bfa05fc
- iommu/amd: Return an error if vCPU affinity is set for non-vCPU
IRTE (git-fixes).
- commit f408e78
- KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure
(git-fixes).
- commit a903289
- KVM: Pass new routing entries and irqfd when updating IRTEs
(git-fixes).
- commit 376d7cf
- Refresh
patches.suse/Revert-KVM-VMX-Move-LOAD_IA32_PERF_GLOBAL_CTRL-errat.patch.
Fix whitespace (patch was using spaces).
- commit 04dc661
- avahi
-
- Add avahi-CVE-2025-68276.patch:
Backport 0c013e2 from upstream, refuse to create wide-area record
browsers when wide-area is off.
(CVE-2025-68276, bsc#1256498)
- Add avahi-CVE-2025-68471.patch:
Backport 9c6eb53 from upstream, fix DoS bug by changing assert to
return.
(CVE-2025-68471, bsc#1256500)
- Add avahi-CVE-2025-68468.patch:
Backport f66be13 from upstream, fix DoS bug by removing incorrect
assertion.
(CVE-2025-68468, bsc#1256499)
- util-linux
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).
- gcc15
-
- Add gcc15-bsc1253043.patch to enable the use of _dl_find_object
even when not available at build time. [bsc#1253043]
- samba
-
- Fix testparm error handling the "sync machine password to keytab"
option; (bsc#1254439);
- Fix Samba printers reporting invalid sid during print jobs;
(bsc#1234210); (bsc#1254926); (bso#15792).
- samba-bgqd can't find [printers] share; (bso#15936);
(bsc#1254586).
- Update to 4.21.10
* Crash in ctdbd on failed updateip; (bso#15935).
* samba-4.21 fails to join AD when multiple DCs are returned;
(bso#15905).
* vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev
for fsync_send; (bso#15919).
* CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set;
(bso#15921).
- Update to 4.21.9
* CVE-2025-10230; (bso#15903); (bsc#1251279).
* CVE-2025-9640; (bso#15885); (bsc#1251280).
- openssl-1_1
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
- libpcap
-
- Security fix: [bsc#1255765, CVE-2025-11961]
* Fix out-of-bound-write and out-of-bound-read in pcap_ether_aton()
due to missing validation of provided MAC-48 address string
* Add libpcap-CVE-2025-11961.patch
- pciutils
-
- pciutils.spec: Add a strict dependency to libpci. [bsc#1252338]
Mixing different versions of pciutils and libpci could result in
a segmentation fault due to incompatible ABI.
- libpng16
-
- security update
- added patches
CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage`
CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage`
* libpng16-CVE-2025-28162,28164.patch
- security update
- added patches
CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read
* libpng16-CVE-2026-22695.patch
CVE-2026-22801 [bsc#1256526], Integer truncation causing heap buffer over-read in png_image_write_*
* libpng16-CVE-2026-22801.patch
- security update
- added patches
CVE-2025-66293 [bsc#1254480], LIBPNG out-of-bounds read in png_image_read_composite
* libpng16-CVE-2025-66293-1.patch
* libpng16-CVE-2025-66293-2.patch
- security update
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng16-CVE-2025-64505.patch
CVE-2025-64506 [bsc#1254158], heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled
* libpng16-CVE-2025-64506.patch
CVE-2025-64720 [bsc#1254159], buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
* libpng16-CVE-2025-64720.patch
CVE-2025-65018 [bsc#1254160], heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
* libpng16-CVE-2025-65018.patch
- python3
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Skip test_curses on ppc64le (gh#python/cpython#141534)
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- Readjust patches while synchronizing between openSUSE and SLE trees:
- F00251-change-user-install-location.patch
- doc-py38-to-py36.patch
- gh126985-mv-pyvenv.cfg2getpath.patch
- libtasn1
-
- Security fix: [bsc#1256341, CVE-2025-13151]
* Stack-based buffer overflow. The function asn1_expend_octet_string()
fails to validate the size of input data resulting in a buffer overflow.
* Add libtasn1-CVE-2025-13151.patch
- mdadm
-
- Split off the Software RAID HOWTO into a -doc package
- Update to version 4.4+29.gf8bb524b:
* fix race between mdcheck_start.service and mdcheck_continue.service
(bsc#1243443, bsc#1248097)
* various fixes for mdcheck (bsc#1248097)
* mdadm_env.sh: ignore MDADM_RAIDDEVICES if MDADM_SCAN is set
(bsc#1229997)
- Upstream bug fixes since 4.4 (bsc#1253060)
* mdadm: add attribute nonstring for signature
* super-ddf: Prevent crash when handling DDF metadata
* platform-intel: Disable legacy option ROM scan on UEFI machines
* mdadm: fix --grow with --add for linear
* mdadm/raid6check: add xmalloc.h to raid6check.c
* Coverity fixes resources leaks
* udev: persist properties of MD devices after switch_root
- _service: switch to tar_scm for better interoperabity with SLFO.
- _service: pull from github.com/openSUSE/mdadm, patches now managed in git
* delete 0010-mdopen-add-sbin-path-to-env-PATH-when-call-system-mo.patch
* delete 1000-Revert-mdmonitor-Abandon-custom-configuration-files.patch
* delete 1001-display-timeout-status.patch
* delete 1002-OnCalendar-format-fix-of-mdcheck_start-timer.patch
* delete 1003-mdadm-treat-the-Dell-softraid-array-as-local-array.patch
* delete 1004-call-mdadm_env.sh-from-usr-libexec-mdadm.patch
* delete 1005-mdadm-enable-Intel-Alderlake-RSTe-configuration.patch
* delete 1006-imsm-Fix-RAID0-to-RAID10-migration.patch
* delete 1007-mdadm-allow-any-valid-minor-number-in-md-device-name.patch
* delete 1008-mdmonitor-use-MAILFROM-to-set-sendmail-envelope-send.patch
- New versioning scheme: add tag offset and git commit from openSUSE/mdadm repo
- Fix systemd unit file handling in spec file (boo#1207266)
* make all units known to systemd
* restart only timers and mdmonitor.service
- Stop emitting %release into program binaries [boo#1246806]
- supportutils
-
- Changes to version 3.2.12
+ Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274)
+ Run in containers without errors (bsc#1245667, PR#272)
+ Removed pmap PID from memory.txt (bsc#1246011, PR#263)
+ Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264)
+ Improved database perforce with kGraft patching (bsc#1249657, PR#273)
+ Using last boot for journalctl for optimization (bsc#1250224, PR#287)
+ Fixed extraction failures (bsc#1252318, PR#275)
+ Update supportconfig.conf path in docs (bsc#1254425, PR#281)
+ drm_sub_info: Catch error when dir doesn't exist (PR#265)
+ Replace remaining `egrep` with `grep -E` (PR#261, PR#266)
+ Add process affinity to slert logs (PR#269)
+ Reintroduce cgroup statistics (and v2) (PR#270)
+ Minor changes to basic-health-check: improve information level (PR#271)
+ Collect important machine health counters (PR#276)
+ powerpc: collect hot-pluggable PCI and PHB slots (PR#278)
+ podman: collect podman disk usage (PR#279)
+ Exclude binary files in crondir (PR#282)
+ kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284)
+ Use short-iso for journalctl (PR#288)
- Changes to version 3.2.11
+ Collect rsyslog frule files (bsc#1244003, pr#257)
+ Remove proxy passwords (bsc#1244011, pr#257)
+ Missing NetworkManager information (bsc#1241284, pr#257)
+ Include agama logs bsc#1244937, pr#256)
+ Additional NFS conf files (pr#253)
+ New fadump sysfs files (pr#252)
+ Fixed change log dates
- suse-module-tools
-
- Update to version 15.7.8:
* spec file: move %udev_rules_update call to %posttrans (bsc#1250664)
- Update to version 15.7.7:
* weak-modules2: skip livepatch dir when checking for unresolved symbols
(bsc#1250655)