- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix: [bsc#1256389] (gpg.fail/filename)
* GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field
* Add gnupg-accepts-path-separators-literal-data.patch
- kernel-default
-
- Move out-of-tree rt patch into the right section
- commit 125c148
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221).
- commit 0a3e886
- libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220).
- commit 2e431bc
- libceph: return the handler error from mon_handle_auth_done() (CVE-2026-22992 bsc#1257218).
- commit 518f909
- libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984 bsc#1257217).
- commit 7474e34
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP
allocations (bsc#1254447 bsc#1253087).
- commit e90ec28
- bpf/selftests: test_select_reuseport_kern: Remove unused header
(bsc#1257603).
- commit 3124f7b
- smb: client: short-circuit in open_cached_dir_by_dentry()
if !dentry (git-fixes).
- commit 82d6911
- smb: client: ensure open_cached_dir_by_dentry() only returns
valid cfid (git-fixes).
- commit d1feafe
- smb: client: split cached_fid bitfields to avoid shared-byte
RMW races (bsc#1250748,bsc#1257154).
- commit e7ce4ba
- scripts/python/git_sort/git_sort.yaml: add cifs for-next repository
- commit 0d24c51
- smb: improve directory cache reuse for readdir operations
(bsc#1252712).
- commit 20c0243
- smb: client: remove unused fid_lock (git-fixes).
- commit ed3cf07
- smb: client: update cfid->last_access_time in
open_cached_dir_by_dentry() (git-fixes).
- commit 1962196
- cifs: add new field to track the last access time of cfid
(git-fixes).
- commit 7328aa8
- smb: change return type of cached_dir_lease_break() to bool
(git-fixes).
- commit da8604d
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 16880ae
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit b3a8e60
- x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1
(CVE-2026-23005 bsc#1257245).
- commit 4fcc2d5
- Update
patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch
(git-fixes CVE-2025-40097 bsc#1252900).
- Update
patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch
(git-fixes CVE-2025-71081 bsc#1256609).
- Update
patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch
(git-fixes CVE-2025-71147 bsc#1257158).
- Update
patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch
(git-fixes CVE-2024-42103 bsc#1228490).
- Update
patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch
(git-fixes CVE-2025-38243 bsc#1246184).
- Update
patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714
bsc#1254465).
- Update
patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch
(git-fixes CVE-2025-71083 bsc#1256610).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch
(git-fixes CVE-2025-71111 bsc#1256728).
- Update
patches.suse/ipmi-Rework-user-message-limit-handling.patch
(git-fixes CVE-2025-40202 bsc#1253451).
- Update
patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch
(git-fixes CVE-2025-71136 bsc#1256759).
- Update
patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch
(git-fixes CVE-2025-68819 bsc#1256664).
- Update
patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch
(git-fixes CVE-2025-68808 bsc#1256682).
- Update
patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch
(git-fixes CVE-2025-38322 bsc#1246447).
- Update
patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch
(git-fixes CVE-2025-68804 bsc#1256617).
- Update
patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch
(bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616).
- Update
patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch
(git-fixes CVE-2025-38379 bsc#1247030).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch
(git-fixes CVE-2024-53070 bsc#1233563).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch
(git-fixes CVE-2025-37813 bsc#1242909).
- Update
patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch
(bsc#1256528 CVE-2025-22047 bsc#1241437).
- commit fbc3d71
- Update
patches.suse/ALSA-pcm-Disable-bottom-softirqs-as-part-of-spin_loc.patch
(git-fixes CVE-2025-40142 bsc#1253348).
- Update
patches.suse/ASoC-Intel-sof_sdw-Prevent-jump-to-NULL-add_sidecar-.patch
(git-fixes CVE-2025-40132 bsc#1253330).
- Update
patches.suse/accel-qaic-Fix-bootlog-initialization-ordering.patch
(git-fixes CVE-2025-40177 bsc#1253443).
- Update
patches.suse/clk-samsung-exynos-clkout-Assign-.num-before-accessi.patch
(git-fixes CVE-2025-71143 bsc#1256749).
- Update
patches.suse/cpuset-fix-warning-when-disabling-remote-partition.patch
(bsc#1256794 CVE-2025-71142 bsc#1256748).
- Update
patches.suse/crypto-hisilicon-qm-request-reserved-interrupt-for-v.patch
(git-fixes CVE-2025-40136 bsc#1253340).
- Update
patches.suse/drm-tilcdc-Fix-removal-actions-in-case-of-failed-pro.patch
(git-fixes CVE-2025-71141 bsc#1256756).
- Update
patches.suse/drm-xe-Limit-num_syncs-to-prevent-oversized-allocati.patch
(git-fixes CVE-2025-68802 bsc#1256661).
- Update
patches.suse/drm-xe-guc-Check-GuC-running-state-before-deregister.patch
(git-fixes CVE-2025-40166 bsc#1253433).
- Update
patches.suse/drm-xe-oa-Fix-potential-UAF-in-xe_oa_add_config_ioct.patch
(git-fixes CVE-2025-71099 bsc#1256592).
- Update
patches.suse/drm-xe-oa-Limit-num_syncs-to-prevent-oversized-alloc.patch
(git-fixes CVE-2025-71076 bsc#1256627).
- Update
patches.suse/efi-stmm-Fix-incorrect-buffer-allocation-method.patch
(git-fixes CVE-2025-39836 bsc#1249904).
- Update
patches.suse/nvme-tcp-remove-tag-set-when-second-admin-queue-conf.patch
(git-fixes CVE-2025-38209 bsc#1246022).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-out-of-bounds-array-acce.patch
(git-fixes CVE-2025-71101 bsc#1256594).
- Update
patches.suse/wifi-ath12k-fix-memory-leak-in-ath12k_pci_remove.patch
(stable-fixes CVE-2025-37744 bsc#1243662).
- Update
patches.suse/x86-CPU-AMD-Terminate-the-erratum_1386_microcode-array.patch
(git-fixes CVE-2024-56721 bsc#1235566).
- Update
patches.suse/x86-cpu-Avoid-running-off-the-end-of-an-AMD-erratum-table.patch
(git-fixes CVE-2025-37751 bsc#1242505).
- Update
patches.suse/x86-kvm-Force-legacy-PCI-hole-to-UC-when-overriding-MTRRs-.patch
(bsc#1245538 CVE-2025-40181 bsc#1253471).
- commit fbc9bf3
- Update
patches.suse/ACPICA-Avoid-walking-the-Namespace-if-start_node-is-.patch
(stable-fixes CVE-2025-71118 bsc#1256763).
- Update
patches.suse/ALSA-usb-mixer-us16x08-validate-meter-packet-indices.patch
(git-fixes CVE-2025-68783 bsc#1256650).
- Update patches.suse/ASoC-tlv320adcx140-fix-null-pointer.patch
(git-fixes CVE-2026-23006 bsc#1257208).
- Update
patches.suse/Bluetooth-btusb-revert-use-of-devm_kzalloc-in-btusb.patch
(git-fixes CVE-2025-71082 bsc#1256611).
- Update
patches.suse/Input-ti_am335x_tsc-fix-off-by-one-error-in-wire_ord.patch
(git-fixes CVE-2025-68777 bsc#1256655).
- Update
patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch
(CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282).
- Update
patches.suse/bpf-Do-not-let-BPF-test-infra-emit-invalid-GSO-types.patch
(bsc#1255569 CVE-2025-68725).
- Update
patches.suse/char-applicom-fix-NULL-pointer-dereference-in-ac_ioc.patch
(stable-fixes CVE-2025-68797 bsc#1256660).
- Update
patches.suse/comedi-fix-divide-by-zero-in-comedi_buf_munge.patch
(stable-fixes CVE-2025-40106 bsc#1252891).
- Update
patches.suse/crypto-seqiv-Do-not-use-req-iv-after-crypto_aead_enc.patch
(git-fixes CVE-2025-71131 bsc#1256742).
- Update
patches.suse/dmaengine-idxd-fix-device-leaks-on-compat-bind-and-u.patch
(git-fixes CVE-2025-71163 bsc#1257215).
- Update
patches.suse/dmaengine-tegra-adma-Fix-use-after-free.patch
(git-fixes CVE-2025-71162 bsc#1257204).
- Update
patches.suse/drm-i915-gem-Zero-initialize-the-eb.vma-array-in-i91.patch
(git-fixes CVE-2025-71130 bsc#1256741).
- Update
patches.suse/drm-msm-dpu-Add-missing-NULL-pointer-check-for-pingp.patch
(git-fixes CVE-2025-71138 bsc#1256785).
- Update
patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch
(git-fixes CVE-2025-68789 bsc#1256781).
- Update
patches.suse/idpf-Fix-RSS-LUT-NULL-pointer-crash-on-early-ethtool.patch
(CVE-2026-22993 bsc#1257180 CVE-2026-22985 bsc#1257277).
- Update
patches.suse/interconnect-Don-t-access-req_list-while-it-s-being-.patch
(CVE-2023-54013 bsc#1256280 CVE-2024-27005 bsc#1223800).
- Update
patches.suse/net-can-j1939-j1939_xtp_rx_rts_session_active-deacti.patch
(git-fixes CVE-2026-22997 bsc#1257202).
- Update
patches.suse/net-nfc-fix-deadlock-between-nfc_unregister_device-a.patch
(git-fixes CVE-2025-71079 bsc#1256619).
- Update
patches.suse/net-rose-fix-invalid-array-index-in-rose_kill_by_dev.patch
(git-fixes CVE-2025-71086 bsc#1256625).
- Update
patches.suse/net-usb-rtl8150-fix-memory-leak-on-usb_submit_urb-fa.patch
(git-fixes CVE-2025-71154 bsc#1257163).
- Update
patches.suse/powerpc-kexec-Enable-SMT-before-waking-offline-CPUs.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119
bsc#1256730).
- Update
patches.suse/smc91x-fix-broken-irq-context-in-PREEMPT_RT.patch
(git-fixes CVE-2025-71132 bsc#1256737).
- Update
patches.suse/spi-fsl-cpm-Check-length-parity-before-switching-to-.patch
(git-fixes CVE-2025-68773 bsc#1256586).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch
(stable-fixes CVE-2025-68254 bsc#1255140).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch
(stable-fixes CVE-2025-68256 bsc#1255138).
- Update
patches.suse/usb-phy-isp1301-fix-non-OF-device-reference-imbalanc.patch
(git-fixes CVE-2025-71145 bsc#1257155).
- Update
patches.suse/usb-typec-ucsi-Handle-incorrect-num_connectors-capab.patch
(stable-fixes CVE-2025-71108 bsc#1256774).
- Update
patches.suse/via_wdt-fix-critical-boot-hang-due-to-unnamed-resour.patch
(stable-fixes CVE-2025-71114 bsc#1256752).
- Update
patches.suse/wifi-avoid-kernel-infoleak-from-struct-iw_point.patch
(git-fixes CVE-2026-22978 bsc#1257227).
- Update
patches.suse/wifi-rtlwifi-8192cu-fix-tid-out-of-range-in-rtl92cu_.patch
(git-fixes CVE-2025-71100 bsc#1256593).
- commit 856d20b
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- commit b73475a
- net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv
(CVE-2026-22996).
- net/mlx5e: Fix crash on profile change rollback failure
(CVE-2026-23000 bsc#1257234).
- commit 46ccefc
- Refresh patches.suse/gpio-rockchip-Stop-calling-pinctrl-for-set_direction.patch
- commit 6b7cadf
- Refresh patches.suse/drm-imx-tve-fix-probe-device-leak.patch.
- commit 2ce383c
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit bcf0129
- gpio: rockchip: Stop calling pinctrl for set_direction
(git-fixes).
- commit 8cea9c9
- btrfs: do not strictly require dirty metadata threshold for
metadata writepages (stable-fixes).
- commit b83c55a
- ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion
(git-fixes).
- ASoC: fsl: imx-card: Do not force slot width to sample width
(git-fixes).
- commit 6d4f48b
- drm/imx/tve: fix probe device leak (git-fixes).
- drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule()
(git-fixes).
- drm/amdgpu: fix NULL pointer dereference in
amdgpu_gmc_filter_faults_remove (git-fixes).
- drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
- drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes).
- drm/nouveau/disp: Set
drm_mode_config_funcs.atomic_(check|commit) (stable-fixes).
- commit 3d95c47
- can: gs_usb: gs_usb_receive_bulk_callback(): fix error message
(git-fixes).
- commit 4d9fa09
- gpio: omap: do not register driver in probe() (git-fixes).
- drm/imx/tve: fix probe device leak (git-fixes).
- drm/amd/pm: fix race in power state check before mutex lock
(git-fixes).
- drm/amdgpu: fix NULL pointer dereference in
amdgpu_gmc_filter_faults_remove (git-fixes).
- Input: i8042 - add quirks for MECHREVO Wujie 15X Pro
(stable-fixes).
- Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA
(stable-fixes).
- spi: spi-sprd-adi: Fix double free in probe error path
(git-fixes).
- ALSA: ctxfi: Fix potential OOB access in audio mixer handling
(stable-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on
usb_submit_urb() error (git-fixes).
- phy: freescale: imx8m-pcie: assert phy reset during power on
(stable-fixes).
- USB: serial: ftdi_sio: add support for PICAXE AXE027 cable
(stable-fixes).
- USB: serial: option: add Telit LE910 MBIM composition
(stable-fixes).
- USB: OHCI/UHCI: Add soft dependencies on ehci_platform
(stable-fixes).
- usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS
descriptor (stable-fixes).
- usb: dwc3: Check for USB4 IP_NAME (stable-fixes).
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes).
- drm/amd: Clean up kfd node on surprise disconnect
(stable-fixes).
- ASoC: codecs: wsa881x: fix unnecessary initialisation
(git-fixes).
- HID: usbhid: paper over wrong bNumDescriptor field
(stable-fixes).
- ASoC: codecs: wsa881x: Drop unused version readout
(stable-fixes).
- spi: sprd-adi: switch to use spi_alloc_host() (stable-fixes).
- spi: sprd: adi: Use devm_register_restart_handler()
(stable-fixes).
- commit 81840a7
- io_uring/poll: correctly handle io_poll_add() return value on
update (CVE-2025-71149 bsc#1257164).
- commit e38f4cf
- libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744).
- commit 37c126f
- scripts: obsapi: Support URL trailing / in oscrc
- commit 596ed59
- scripts: uploader: Handle missing upstream in is_pr_open
- commit e7d7408
- net: sock: fix hardened usercopy panic in sock_recv_errqueue
(CVE-2026-22977 bsc#1257053).
- ipv4: Fix reference count leak when using error routes with
nexthop objects (CVE-2025-71097 bsc#1256607).
- net: stmmac: fix the crash issue for zero copy XDP_TX action
(CVE-2025-71095 bsc#1256605).
- ethtool: Avoid overflowing userspace buffer on stats query
(CVE-2025-68795 bsc#1256688).
- bnxt_en: Fix XDP_TX path (CVE-2025-68770 bsc#1256584).
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast
route stats (CVE-2025-68800 bsc#1256646).
- mlxsw: spectrum_router: Fix neighbour use-after-free
(CVE-2025-68801 bsc#1256653).
- lan966x: Fix sleeping in atomic context (CVE-2025-68320
bsc#1255172).
- commit 6580707
- ice: fix PTP cleanup on driver removal in error path
(CVE-2025-68215 bsc#1255226).
- commit 5a32ad2
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit d911768
- ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011
bsc#1257207).
- commit dcc6c91
- wifi: mac80211: correctly decode TTLM with default link map
(git-fixes).
- nfc: nci: Fix race between rfkill and nci_unregister_device()
(git-fixes).
- nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes).
- net: wwan: t7xx: fix potential skb->frags overflow in RX path
(git-fixes).
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete
(git-fixes).
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work
(git-fixes).
- commit 6907fd9
- smack: fix bug: unprivileged task can create labels (CVE-2025-68733 bsc#1255615).
- commit 4193ba7
- idpf: Fix RSS LUT NULL ptr issue after soft reset
(CVE-2026-22993 bsc#1257180).
- idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
(CVE-2026-22993 bsc#1257180).
- commit f308569
- idpf: Fix RSS LUT NULL ptr issue after soft reset
(CVE-2026-22993 bsc#1257180).
- idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
(CVE-2026-22993 bsc#1257180).
- commit bb6b853
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit 35a165f
- gve: defer interrupt enabling until NAPI registration
(CVE-2025-71156 bsc#1257167).
- commit df5b61b
- kabi: export inet_frag_rbtree_purge() function again
(CVE-2025-68768 bsc#1256579).
- commit d066c8d
- inet: frags: flush pending skbs in fqdir_pre_exit()
(CVE-2025-68768 bsc#1256579).
- inet: frags: add inet_frag_queue_flush() (CVE-2025-68768
bsc#1256579).
- commit 3c0c564
- mptcp: fallback earlier on simult connection (CVE-2025-71088
bsc#1256630).
- commit daab93c
- scripts: uploader: Fix no change condition for _maintainership.json
- commit 792d98c
- RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (CVE-2025-71157 bsc#1257168)
- commit 1e51f3a
- =?UTF-8?q?net:=20phy:=20Introduce=20PHY=5FID=5FSIZE=20?=
=?UTF-8?q?=E2=80=94=20minimum=20size=20for=20PHY=20ID=20string?=
(CVE-2025-71094 bsc#1256597).
- commit b3acbda
- net/sched: ets: Remove drr class from the active list if it
changes to strict (CVE-2025-68815 bsc#1256680).
- commit f0fee57
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit 8f4860d
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (git-fixes).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (git-fixes).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Add support for auxiliary device servicing events (git-fixes).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (git-fixes).
- RDMA/mana_ib: Access remote atomic for MRs (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- RDMA/mana_ib: Use safer allocation function() (git-fixes).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- commit d6908f3
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive
aggregate in qfq_reset (CVE-2026-22976 bsc#1257035).
- commit 1b89834
- usb: renesas_usbhs: Fix synchronous external abort on unbind
(CVE-2025-68327 bsc#1255488).
- commit a41f3aa
- net: usb: asix: validate PHY address before use (CVE-2025-71094
bsc#1256597).
- net: usb: asix: ax88772: Increase phy_name size (CVE-2025-71094
bsc#1256597).
- commit addbe43
- selftests/bpf: Fix flaky bpf_cookie selftest (git-fixes).
- commit de8fecf
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- commit b6299d5
- scripts: uploader: Only reset branch when there is no open PR
Resetting the branch closes any PR which is disruptive.
With project repositories that get a lot of changes this would reset too
often if reset was enabled causing unmergeable PRs.
Yet it is necessary to reset to be able to get up-to-date state for a
new PR.
With this branch reset can be enabled for maintainership update.
- commit 60e8156
- selftests/bpf: use simply-expanded variables for libpcap flags
(bsc#1255552 CVE-2025-68363).
- commit 2c7feb9
- selftests/bpf: ns_current_pid_tgid: Rename the test function
(bsc#1255552 CVE-2025-68363).
- commit 4f40cc9
- selftests/bpf: Replace CHECK with ASSERT_* in ns_current_pid_tgid test
(bsc#1255552 CVE-2025-68363).
- Refresh
patches.suse/selftests-bpf-Clean-up-open-coded-gettid-syscall-inv.patch.
- commit 0d13544
- selftests/bpf: tc_links/tc_opts: Unserialize tests (bsc#1255552
CVE-2025-68363).
- selftests/bpf: Optionally open a dedicated namespace to run
test in it (CVE-2025-68363 bsc#1255552).
- commit 5773a45
- perf/x86/amd: Check event before enable to avoid GPF
(bsc#1256689 CVE-2025-68798).
- commit 122c93e
- selftests/bpf: Optionally open a dedicated namespace to run
test in it (CVE-2025-68363 bsc#1255552).
- commit 7fc3edd
- selftests/bpf: Monitor traffic for select_reuseport
(CVE-2025-68363 bsc#1255552).
- commit 7687d07
- selftests/bpf: Monitor traffic for sockmap_listen
(CVE-2025-68363 bsc#1255552).
- commit 200e7d4
- selftests/bpf: Monitor traffic for tc_redirect (CVE-2025-68363
bsc#1255552).
- commit ef95f02
- selftests/bpf: netns_new() and netns_free() helpers
(CVE-2025-68363 bsc#1255552).
- Refresh
patches.suse/selftests-bpf-Fix-backtrace-printing-for-selftests-c.patch.
- commit 6ac10b7
- selftests/bpf: Add the traffic monitor option to test_progs
(CVE-2025-68363 bsc#1255552).
- commit 24382fe
- selftests/bpf: Add traffic monitor functions (CVE-2025-68363
bsc#1255552).
- commit c7346b8
- blk-cgroup: fix possible deadlock while configuring policy
(CVE-2025-68178 bsc#1255266).
- commit 3f4a2e3
- bpf: Add bpf_prog_run_data_pointers() (bsc#1255241
CVE-2025-68200).
- commit 3454614
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- commit 6def8a1
- e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093
bsc#1256777).
- net/mlx5: fw_tracer, Validate format string parameters
(CVE-2025-68816 bsc#1256674).
- commit 53c77db
- ceph: fix crash in process_v2_sparse_read() for encrypted directories (CVE-2025-68297 bsc#1255403).
- commit de1a69a
- x86: make page fault handling disable interrupts properly
(git-fixes).
- commit e28ac6a
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 3382537
- libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388).
- commit 592067a
- kABI workaround for tpm_chip changes (CVE-2025-71077
bsc#1256613).
- commit 66e0457
- tpm: Cap the number of PCR banks (CVE-2025-71077 bsc#1256613).
- commit 727f4b1
- selftests: net: fib-onlink-tests: Convert to use namespaces
by default (bsc#1255346).
- commit c2a5f76
- Delete
patches.suse/selftests-net-fib-onlink-tests-Set-high-metric-for-d.patch.
- commit 755a7f6
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()
(git-fixes).
- commit 7e4403b
- NFSD: Fix permission check for read access to executable-only
files (git-fixes).
- commit 2ce0763
- nfsd: Drop the client reference in client_states_open()
(git-fixes).
- commit 8226664
- svcrdma: return 0 on success from svc_rdma_copy_inline_range
(git-fixes).
- commit d34b05e
- NFSD: use correct reservation type in nfsd4_scsi_fence_client
(git-fixes).
- commit 2de8cf6
- NFSD/blocklayout: Fix minlength check in proc_layoutget
(git-fixes).
- commit 91340f9
- NFS: Fix up the automount fs_context to use the correct cred
(git-fixes).
- commit 99b1550
- NFSv4: ensure the open stateid seqid doesn't go backwards
(git-fixes).
- commit ca47c84
- exfat: fix remount failure in different process environments
(git-fixes).
- commit ec2e76f
- exfat: check return value of sb_min_blocksize in
exfat_read_boot_sector (git-fixes).
- commit 99696d0
- w1: fix redundant counter decrement in w1_attach_slave_device()
(git-fixes).
- w1: therm: Fix off-by-one buffer overflow in alarms_store
(git-fixes).
- comedi: dmm32at: serialize use of paged registers (git-fixes).
- uacce: ensure safe queue release with state management
(git-fixes).
- uacce: implement mremap in uacce_vm_ops to return -EPERM
(git-fixes).
- uacce: fix isolate sysfs check condition (git-fixes).
- uacce: fix cdev handling in the cleanup path (git-fixes).
- slimbus: core: fix of_slim_get_device() kernel doc (git-fixes).
- slimbus: core: fix device reference leak on report present
(git-fixes).
- slimbus: core: fix runtime PM imbalance on report present
(git-fixes).
- slimbus: core: fix OF node leak on registration failure
(git-fixes).
- intel_th: fix device leak on output open() (git-fixes).
- comedi: Fix getting range information for subdevices 16 to 255
(git-fixes).
- iio: accel: iis328dq: fix gain values (git-fixes).
- iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl
(git-fixes).
- iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without
event detection (git-fixes).
- iio: adc: ad9467: fix ad9434 vref mask (git-fixes).
- iio: adc: ad7280a: handle spi_setup() errors in probe()
(git-fixes).
- iio: adc: at91-sama5d2_adc: Fix potential use-after-free in
sama5d2_adc driver (git-fixes).
- serial: 8250_pci: Fix broken RS485 for F81504/508/512
(git-fixes).
- comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes).
- commit 50f3b9f
- bpf: Do not let BPF test infra emit invalid GSO types to stack
(bsc#1255569).
- commit 1df0a4e
- platform/x86: hp-bioscfg: Fix automatic module loading
(git-fixes).
- platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID
macro (git-fixes).
- platform/x86: hp-bioscfg: Fix kobject warnings for empty
attribute names (git-fixes).
- platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes).
- drm/imagination: Wait for FW trace update command completion
(git-fixes).
- commit de62d29
- mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function
(git-fixes).
- mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in
HS200/HS400 mode (git-fixes).
- regmap: Fix race condition in hwspinlock irqsave routine
(git-fixes).
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(git-fixes).
- ALSA: scarlett2: Fix buffer overflow in config retrieval
(git-fixes).
- ALSA: usb: Increase volume range that triggers a warning
(git-fixes).
- drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2)
(git-fixes).
- drm/amd/pm: Don't clear SI SMC table when setting power limit
(git-fixes).
- drm/nouveau: implement missing DCB connector types; gracefully
handle unknown connectors (git-fixes).
- drm/nouveau: add missing DCB connector types (git-fixes).
- commit 03d895b
- io_uring: fix filename leak in __io_openat_prep()
(CVE-2025-68814 bsc#1256651).
- commit 4d3284d
- drm/amd/pm: fix smu overdrive data type wrong issue on smu
14.0.2 (git-fixes).
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes).
- drm/amd: Clean up kfd node on surprise disconnect
(stable-fixes).
- commit 6d02dff
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (CVE-2025-71137 bsc#1256760)
- commit f080c28
- net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654)
- commit d8f982b
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547)
- commit 31c810e
- team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773)
- commit fb6bd76
- md/raid5: fix possible null-pointer dereferences in
raid5_store_group_thread_cnt() (CVE-2025-71135 bsc#1256761).
- commit 06431f4
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089
bsc#1256612).
- commit 74dac8b
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- net/handshake: duplicate handshake cancellations leak socket
(CVE-2025-68775 bsc#1256665).
- commit 5f03ae0
- wifi: mac80211: don't perform DA check on S1G beacon
(git-fixes).
- commit 99fd461
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (git-fixes).
- dpll: Prevent duplicate registrations (git-fixes).
- wifi: ath12k: fix dma_free_coherent() pointer (git-fixes).
- wifi: ath10k: fix dma_free_coherent() pointer (git-fixes).
- wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize()
(git-fixes).
- wifi: rsi: Fix memory corruption due to not set vif driver
data size (git-fixes).
- usbnet: limit max_mtu based on device's hard_mtu (git-fixes).
- mISDN: annotate data-race around dev->work (git-fixes).
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory
leak (git-fixes).
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory
leak (git-fixes).
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB
memory leak (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
(git-fixes).
- Revert "nfc/nci: Add the inconsistency check between the input
data length and count" (git-fixes).
- net: usb: dm9601: remove broken SR9700 support (git-fixes).
- leds: led-class: Only Add LED to leds_list when it is fully
ready (git-fixes).
- dpll: fix device-id-get and pin-id-get to return errors properly
(git-fixes).
- dpll: spec: add missing module-name and clock-id to pin-get
reply (git-fixes).
- dpll: fix return value check for kmemdup (git-fixes).
- dpll: indent DPLL option type by a tab (git-fixes).
- commit 0acacf9
- drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428 CVE-2025-40339)
- commit 42c8fa8
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- commit 2f69405
- mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257
bsc#1254842).
- commit 83400eb
- fsnotify: do not generate ACCESS/MODIFY events on child for
special files (bsc#1256638 CVE-2025-68788).
- commit 6b6945d
- ext4: xattr: fix null pointer deref in ext4_raw_inode()
(bsc#1256754 CVE-2025-68820).
- commit 8f80a8b
- ext4: fix string copying in parse_apply_sb_mount_options()
(bsc#1256757 CVE-2025-71123).
- commit bd1f757
- ext4: add i_data_sem protection in
ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261).
- commit 835edb6
- nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372).
- commit 4a0d1d2
- nbd: defer config unlock in nbd_genl_connect (bsc#1255622
CVE-2025-68366).
- commit 7dc2ba0
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when
file system corrupted (bsc#1255482 CVE-2025-68337).
- commit dea6220
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop
(CVE-2025-68325 bsc#1255417).
- commit 0e9df03
- tcp: use dst_dev_rcu() in
tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188
bsc#1255269).
- commit 36ba28e
- net: ipv6: fix field-spanning memcpy warning in AH output
(CVE-2025-40363 bsc#1255102).
- commit b54ffd4
- ipv4: route: Prevent rt_bind_exception() from rebinding stale
fnhe (CVE-2025-68241 bsc#1255157).
- net: netpoll: fix incorrect refcount handling causing incorrect
cleanup (CVE-2025-68245 bsc#1255268).
- commit f673593
- Refresh patches.suse/dmaengine-idxd-Fix-refcount-underflow-on-module-unlo.patch
Fix the missing cleanup, folding the upsteram stable 6.12.y fix
(commit d28c1b1566a1) into the backport patch itself.
- commit d2ae2ac
- of: fix reference count leak in of_alias_scan() (git-fixes).
- of: platform: Use default match table for /firmware (git-fixes).
- ata: libata: Add cpr_log to ata_dev_print_features() early
return (git-fixes).
- commit 403f41b
- NFSD: NFSv4 file creation neglects setting ACL (CVE-2025-68803
bsc#1256770).
- commit cae9b7a
- nfsd: set security label during create operations
(CVE-2025-68803 bsc#1256770).
- commit 8ee0c2b
- RDMA/irdma: avoid invalid read in irdma_net_event (CVE-2025-71133 bsc#1256733)
- commit c4b2e81
- RDMA/cm: Fix leaking the multicast GID table reference (CVE-2025-71084 bsc#1256622)
- commit 695ad1f
- ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT
(CVE-2025-71080 bsc#1256608).
- commit d2e316c
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779).
- commit 400a381
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 386a47a
- arp: do not assume dev_hard_header() does not change skb->head
(CVE-2025-71098 bsc#1256591).
- ip6_gre: make ip6gre_header() robust (CVE-2025-71098
bsc#1256591).
- commit 0de7076
- sched/rt: Skip group schedulable check with rt_group_sched=0
(bsc#1256568).
- commit 3119d3b
- Refresh
patches.suse/pre-v6.12-sched-Move-default-rt_bandwidth-to-root_task_group.patch. (bsc#1256568)
rt/group: Propagate global rt_runtime into root_task_group rqs
Update root group rq's rt_runtime amount so that it matches the global
RT throttling amount after update. It'd be eventually refilled from
do_sched_rt_period_timer() but when the timer is idle the change would
not propagate and one period may be miss-throttled.
- commit 09fa5a4
- Refresh
patches.suse/pre-v6.12-sched-Move-default-rt_bandwidth-to-root_task_group.patch. (bsc#1256568)
rt/group: Fix schedulability check with global RT limit
The global RT limit is stored in the root task_group so when the limit
is being lowered, the new value would be validated against the old one
(in sysctl_*) and never pass. But because we unified the global RT limit
with root task_group's limit, carry out the schedulability test as if
global values were configured to the root_task_group (they eventually
are).
- commit 1a0d83b
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit 4190209
- dmaengine: apple-admac: Add "apple,t8103-admac" compatible
(git-fixes).
- dmaengine: omap-dma: fix dma_pool resource leak in error paths
(git-fixes).
- dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()
(git-fixes).
- dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes).
- dmaengine: xilinx_dma: Fix uninitialized addr_width when
"xlnx,addrwidth" property is missing (git-fixes).
- dmaengine: tegra-adma: Fix use-after-free (git-fixes).
- dmaengine: ti: k3-udma: fix device leak on udma lookup
(git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on am335x route
allocation (git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on dra7x route
allocation (git-fixes).
- dmaengine: lpc18xx-dmamux: fix device leak on route allocation
(git-fixes).
- dmaengine: idxd: fix device leaks on compat bind and unbind
(git-fixes).
- dmaengine: dw: dmamux: fix OF node leak on route allocation
failure (git-fixes).
- dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes).
- dmaengine: at_hdmac: fix device leak on of_dma_xlate()
(git-fixes).
- dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes).
- phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7
(git-fixes).
- phy: rockchip: inno-usb2: fix communication disruption in
gadget mode (git-fixes).
- phy: rockchip: inno-usb2: fix disconnection in gadget mode
(git-fixes).
- phy: stm32-usphyc: Fix off by one in probe() (git-fixes).
- commit c2d8602
- Remove patches.suse/0001-drm-fbcon-vga_switcheroo-Avoid-race-condition-in-fbc.patch
- commit 462d775
- gpio: pca953x: fix wrong error probe return value (git-fixes).
- commit df5f5f1
- drm/amdgpu: Fix query for VPE block_type and ip_count
(stable-fixes).
- drm/amd/display: Apply e4479aecf658 to dml (stable-fixes).
- drm/amdkfd: Fix improper NULL termination of queue restore
SMI event string (stable-fixes).
- drm/amd/display: shrink struct members (stable-fixes).
- drm/amd/display: Respect user's CONFIG_FRAME_WARN more for
dml files (stable-fixes).
- commit 1aaadcf
- gpio: pca953x: Utilise temporary variable for struct device
(stable-fixes).
- Refresh
patches.suse/gpio-pca953x-log-an-error-when-failing-to-get-the-re.patch.
- commit b07f679
- lib/crypto: aes: Fix missing MMU protection for AES S-box
(git-fixes).
- mei: me: add nova lake point S DID (stable-fixes).
- gpio: pca953x: handle short interrupt pulses on PCAL devices
(git-fixes).
- drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
(stable-fixes).
- ASoC: fsl_sai: Add missing registers to cache default
(stable-fixes).
- ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025
(stable-fixes).
- ALSA: usb-audio: Update for native DSD support quirks
(stable-fixes).
- drm/amd/display: Fix DP no audio issue (stable-fixes).
- powercap: fix sscanf() error return value handling
(stable-fixes).
- powercap: fix race condition in register_control_type()
(stable-fixes).
- can: j1939: make j1939_session_activate() fail if device is
no longer registered (stable-fixes).
- mei: me: add wildcat lake P DID (stable-fixes).
- gpio: pca953x: Add support for level-triggered interrupts
(stable-fixes).
- gpio: pca953x: Utilise dev_err_probe() where it makes sense
(stable-fixes).
- commit 46ebab7
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582
CVE-2025-68771).
- commit fae1ed0
- ASoC: codecs: wsa881x: fix unnecessary initialisation
(git-fixes).
- commit 7c749f7
- ASoC: codecs: wsa883x: fix unnecessary initialisation
(git-fixes).
- commit 9ad50cc
- drm/amd/display: Initialise backlight level values from hw
(git-fixes).
- commit c2d3b2d
- drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions
(git-fixes).
- commit 9168dd5
- drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare
(git-fixes).
- drm/panel-simple: fix connector type for DataImage
SCF0700C48GGU18 panel (git-fixes).
- drm/vmwgfx: Fix an error return check in vmw_compat_shader_add()
(git-fixes).
- drm/amdkfd: fix a memory leak in device_queue_manager_init()
(git-fixes).
- ASoC: tlv320adcx140: fix word length (git-fixes).
- ASoC: tlv320adcx140: fix null pointer (git-fixes).
- ASoC: codecs: wsa884x: fix codec initialisation (git-fixes).
- commit b212696
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync
flags (CVE-2025-68764 bsc#1255930).
- commit 84f3f58
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (CVE-2025-68776 bsc#1256659)
- commit 86f02f8
- fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365 bsc#1255548)
- commit 354fd40
- ntfs3: fix uninit memory after failed mi_read in mi_format_new (CVE-2025-68728 bsc#1255539)
- commit 3c62fa0
- iavf: fix off-by-one issues in iavf_config_rss_reg()
(CVE-2025-71087 bsc#1256628).
- commit 8d4da32
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695)
- commit 8aea2cc
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- commit eb0fac0
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863).
- scsi: qla2xxx: Fix bsg_done() causing double free
(bsc#1256863).
- scsi: qla2xxx: Query FW again before proceeding with login
(bsc#1256863).
- scsi: qla2xxx: Validate sp before freeing associated memory
(bsc#1256863).
- scsi: qla2xxx: Free sp in error path to fix system crash
(bsc#1256863).
- scsi: qla2xxx: Delay module unload while fabric scan in progress
(bsc#1256863).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863).
- scsi: qla2xxx: Add bsg interface to support firmware img
validation (bsc#1256863).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h
(bsc#1256863).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx
(bsc#1256863).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863).
- scsi: qla2xxx: Add Speed in SFP print information
(bsc#1256863).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861).
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get()
(bsc#1256861).
- commit da9bd89
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839).
- commit 95251dd
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544).
- commit fea667d
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit 238038b
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit b6c7c30
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate
session upon receiving the second rts (git-fixes).
- can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher
than 1 MBit (git-fixes).
- can: etas_es58x: allow partial RX URB allocation to succeed
(git-fixes).
- commit 6e93ffe
- ntfs3: Fix uninit buffer allocated by __getname() (CVE-2025-68727 bsc#1255568)
- commit 97681c7
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit fdc5baf
- interconnect: Don't access req_list while it's being manipulated
(CVE-2023-54013 bsc#1256280).
- commit 397aee1
- interconnect: Fix locking for runpm vs reclaim (CVE-2023-54013
bsc#1256280).
- commit bacbc82
- cpuset: fix warning when disabling remote partition
(bsc#1256794).
- commit 760a28c
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit 7a5edbb
- mptcp: Fix proto fallback detection with BPF (CVE-2025-68227
bsc#1255216).
- commit 557d74c
- sysfs: check visibility before changing group attribute
ownership (CVE-2025-40355 bsc#1255261).
- commit 7b1e9ed
- x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171
bsc#1255255).
- commit 265a09f
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- commit 87d4295
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl()
(git-fixes).
- nvmet-auth: update sc_c in target host hash calculation
(git-fixes).
- nvmet-auth: update sc_c in host response (git-fixes).
- commit 1ece4fd
- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (bsc#1255134 CVE-2025-68230)
- commit 19b936b
- net: atlantic: fix fragment overflow handling in RX path
(CVE-2025-68301 bsc#1255120).
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264
bsc#1254835).
- net: openvswitch: remove never-working support for setting
nsh fields (CVE-2025-40254 bsc#1254852).
- net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238
bsc#1254871).
- net/mlx5e: RX, Fix generating skb from non-linear xdp_buff
for striding RQ (CVE-2025-40350 bsc#1255260).
- commit 07231fa
- drm/sysfb: Do not dereference NULL pointer in plane reset (bsc#1255095 CVE-2025-40360)
- commit adae9ca
- amd/amdkfd: enhance kfd process check in switch partition
(CVE-2025-68174 bsc#1255327).
- commit 9e3bffb
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (CVE-2025-68190 bsc#1255131).
- commit a195e39
- selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when
transport_header is not set (CVE-2025-68363 bsc#1255552).
- commit 742de98
- bpf: Check skb->transport_header is set in bpf_skb_check_mtu
(CVE-2025-68363 bsc#1255552).
- commit f6cdd52
- drm/amdgpu: remove two invalid BUG_ON()s (CVE-2025-68201 bsc#1255136)
- commit 9a27d5e
- Refresh
patches.suse/cifs-after-disabling-multichannel-mark-tcon-for-reconnect.patch.
- Refresh
patches.suse/cifs-avoid-redundant-calls-to-disable-multichannel.patch.
- Refresh
patches.suse/cifs-cifs_pick_channel-should-try-selecting-active-channels.patch.
- Refresh
patches.suse/cifs-deal-with-the-channel-loading-lag-while-picking-channels.patch.
- Refresh
patches.suse/cifs-dns-resolution-is-needed-only-for-primary-channel.patch.
- Refresh
patches.suse/cifs-do-not-search-for-channel-if-server-is-terminating.patch.
- Refresh
patches.suse/cifs-fix-a-pending-undercount-of-srv_count.patch.
- Refresh
patches.suse/cifs-fix-lock-ordering-while-disabling-multichannel.patch.
- Refresh
patches.suse/cifs-fix-stray-unlock-in-cifs_chan_skip_or_disable.patch.
- Refresh
patches.suse/cifs-fix-use-after-free-for-iface-while-disabling-secondary-channel.patch.
- Refresh
patches.suse/cifs-handle-when-server-stops-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-reconnect-worker-should-take-reference-on-server-struct-uncond.patch.
- Refresh
patches.suse/cifs-reset-connections-for-all-channels-when-reconnect-requested.patch.
- Refresh
patches.suse/cifs-reset-iface-weights-when-we-cannot-find-a-candidate.patch.
- Refresh
patches.suse/smb-client-fix-cifs_pick_channel-when-channel-needs-reconnect.patch.
- Refresh
patches.suse/smb-client-introduce-close_cached_dir_locked-.patch.
- Refresh
patches.suse/smb3-add-missing-null-server-pointer-check.patch.
- commit 966613b
- cifs: fix use after free for iface while disabling secondary
channels (git-fixes).
- commit dfe1d44
- cifs: reconnect worker should take reference on server struct
unconditionally (git-fixes).
- Refresh
patches.suse/cifs-handle-servers-that-still-advertise-multichannel-after-disabli.patch.
- Refresh
patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- commit a6f7e74
- Refresh
patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- commit f14b40c
- cifs: avoid redundant calls to disable multichannel (git-fixes).
- smb3: add missing null server pointer check (git-fixes).
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh
patches.suse/cifs-serialize-other-channels-when-query-server-interfaces-is-pendi.patch.
- commit 6f71d7c
- cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes).
- commit 9d297d5
- cifs: do not search for channel if server is terminating
(git-fixes).
- commit 1796cf0
- cifs: handle servers that still advertise multichannel after
disabling (git-fixes).
- cifs: serialize other channels when query server interfaces
is pending (git-fixes).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch.
- Refresh
patches.suse/cifs-make-sure-that-channel-scaling-is-done-only-once.patch.
- Refresh
patches.suse/smb-client-get-rid-of-nlsc-param-in-cifs_tree_connect-.patch.
- Refresh
patches.suse/smb3-fix-for-slab-out-of-bounds-on-mount-to-ksmbd.patch.
- commit e76704e
- smb: client: fix cifs_pick_channel when channel needs reconnect
(git-fixes).
- commit 59edbd9
- cifs: cifs_pick_channel should try selecting active channels
(git-fixes).
- commit 3f9ba92
- sqlite3
-
- Sync version 3.51.2 from Factory:
* CVE-2025-7709, bsc#1254670: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- systemd
-
- Name libsystemd-{shared,core} based on the major version of systemd and the
package release number (bsc#1228081 bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared
libraries.
- Import commit 75eab961ea843dc161707d4af0789b018d499676
- 8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- Import commit 5caaa71f4a7b00e6a6ceb396d08486af73687d45
9ecd162284 timer: rebase last_trigger timestamp if needed
cd4a9103ef timer: rebase the next elapse timestamp only if timer didn't already run
c3f4407e97 timer: don't run service immediately after restart of a timer (bsc#1254563)
05bcfe3295 test: check the next elapse timer timestamp after deserialization
fe8f656975 test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no
files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the
services. It can be safely removed once the update is complete.
- Import commit 00ba3646e6cb3ce40bb3de3e92f93ebec0adce6d
e4dd315b6c units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
b58e72215a units: add dep on systemd-logind.service by user@.service
97ceca445c detect-virt: add bare-metal support for GCE (bsc#1244449)
- mdadm
-
- Update to version 4.4+31.g541b40d3:
* fix crash with homehost=none (bsc#1254541)
- Update to version 4.4+30.g9a59bf51:
* mdcheck: work around bash 5.3 bug (bsc#1254087)
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- suse-module-tools
-
- Update to version 15.7.10:
* udev rules: write block queue attributes only if necessary
(bsc#1254928)
- Update to version 15.7.9:
* 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents
(bsc#1254264)
* udev: use systemd service to remount tmpfs (bsc#1253679)
- xen
-
- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
with shadow paging + tracing (XSA-477)
6978b5a5-x86-shadow-dont-overrun-trace_emul_write_val.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
for vCPU isolation (XSA-479)
6978b5bf-x86-spec-ctrl-incomplete-IBPB-at-cswitch.patch
- Upstream bug fixes (bsc#1027519)
691b3550-x86-ucode-add-rows-to-entrysign-table.patch
69247713-x86-ucode-error-handling-parallel.patch
6926be59-x86-vMSI-X-refcount.patch
6926e01d-x86-vHPET-IRQ-route-sanitization.patch
692896dc-x86-AMD-Zenbleed-mitigation-static.patch
692dc059-x86-AMD-DE_CFG-editing.patch
693a85c2-x86-PoD-decrease_reservation-clearing-M2P.patch
693a85d6-x86-update-log-dirty-bitmap-when-.patch
695f816a-x86-HVM-more-strict-XENMAPSPACE_gmfn-source-types.patch
6964e408-x86-retval-of-has_if_pschange_mc.patch
6978c4b0-x86-AMD-fold-another-DE_CFG-edit.patch
- Dropped in favor of upstream patch
xsa477.patch
xsa479.patch