- mozilla-nss
-
- Add bmo1990242.patch to move NSS DB password hash away from SHA-1
- update to NSS 3.112.2
* bmo#1970079 - Prevent leaks during pkcs12 decoding.
* bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
- Adding patch bmo1980465.patch to fix bug on s390x (bmo#1980465)
- Adding patch bmo1956754.patch to fix possible undefined behaviour (bmo#1956754)
- update to NSS 3.112.1
* bmo#1982742 - restore support for finding certificates by decoded serial number.
- libssh
-
- Security fix: [CVE-2025-8277, bsc#1249375]
* Memory Exhaustion via Repeated Key Exchange
* Add patches:
- libssh-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch
- libssh-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch
- libssh-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch
- Security fix: [CVE-2025-8114, bsc#1246974]
* NULL pointer dereference when calculating session ID during KEX
* Add libssh-CVE-2025-8114.patch
- net-tools
-
- Drop old Fedora patch net-tools-1.60-interface_stack.patch. It
provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes
by the upstream in 2025 in a different way. Revert interferring
net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
GHSA-w7jq-cmw2-cq59,
net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687,
net-tools-ax25+netrom-overflow-1.patch,
net-tools-ax25+netrom-overflow-2.patch).
- Keep possibility to enter long interface names, even if they are
not accepted by the kernel, because it was always possible up to
CVE-2025-46836 fix. But issue a warning about an interface name
concatenation (bsc#1248410,
net-tools-ifconfig-long-name-warning.patch).
- bind
-
- Security Fixes:
* Address various spoofing attacks.
[CVE-2025-40778, bsc#1252379, bind-9.11-CVE-2025-40778.patch]
- mozilla-nspr
-
- update to NSPR 4.36.2
* Fixed a syntax error in test file parsetm.c,
which was introduced in 4.36.1
- update to NSPR 4.36.1
* Incorrect time value produced by PR_ParseTimeString and
PR_ParseTimeStringToExplodedTime if input string doesn't
specify seconds.
- libpng12
-
- security update
- modified patches
* libpng-1.2.50-CVE-2013-7353.patch (-p1)
* libpng-1.2.50-CVE-2013-7354.patch (-p1)
* libpng12-CVE-2015-7981.patch (-p1)
* libpng12-CVE-2015-8126-complete.patch (-p1)
* libpng12-CVE-2015-8126.patch (-p1)
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng12-CVE-2025-64505.patch
- cairo
-
- Add cairo-CVE-2025-50422.patch:
Backport from William Bader's request 621, Fix NULL access
in active_edges_to_traps().
https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621/diffs
https://gitlab.freedesktop.org/williamb/cairo/-/commit/b5752618
(CVE-2025-50422, bsc#1247589)
- Add cairo-CVE-2019-6461.patch:
Avoid assert when drawing arcs with NaN angles.
(bsc#1122338 CVE_2019-6461 glfo@cairo/cairo#352)
- expat
-
- Fix CVE-2025-59375 / bsc#1249584.
- Add patch file:
* CVE-2025-59375.patch
- tiff
-
- security update:
* CVE-2025-8851 [bsc#1248278]
Fix stack-based buffer overflow vulnerability in
tools/tiffcrop.c function readSeparateStripsIntoBuffer() by
implementing additional error handling.
+ tiff-CVE-2025-8851.patch
- security update:
* CVE-2025-9900 [bsc#1250413]
Fix Write-What-Where in libtiff via TIFFReadRGBAImageOriented
+ tiff-CVE-2025-9900.patch
- security update:
* CVE-2025-8961 [bsc#1248117]
Fix segmentation fault via main function of tiffcrop utility
+ tiff-CVE-2025-8961.patch
- security update:
* CVE-2025-8534 [bsc#1247582]
Fix null pointer dereference in function PS_Lvl2page
+ tiff-CVE-2025-8534.patch
* CVE-2025-9165 [bsc#1248330]
Fix local execution manipulation can lead to memory leak
+ tiff-CVE-2025-9165.patch
- openssh
-
- Add openssh-cve-2025-61984-username-validation.patch
(bsc#1251198, CVE-2025-61984).
- glib2
-
- Add glib2-CVE-2025-7039.patch: fix computation of temporary file
name (bsc#1249055 CVE-2025-7039 glgo#GNOME/glib#3716).
- openssl-1_0_0
-
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- libxslt
-
- security update
- added patches
CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
* libxslt-CVE-2025-11731.patch
- propagate test failure into build failure
- added sources
* libxslt-test-results.ref
- bash
-
- Add patch bsc1245199.patch
* Fix histfile missing timestamp for the oldest record (bsc#1245199)
- krb5
-
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
enctypes unless new special options "allow_des3" or "allow_rc4"
are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0018-prep-CVE-2025-3576.patch
- Add patch 0019-CVE-2025-3576.patch
- cups
-
- cups-1.7.5-CVE-2025-61915.patch is based on
https://github.com/OpenPrinting/cups-ghsa-hxm8-vfpq-jrfc/pull/2
backported to CUPS 1.7.5 to fix CVE-2025-61915
"Local denial-of-service via cupsd.conf update
and related issues"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc
bsc#1253783
- In general regarding CUPS security issues and/or DoS issues see
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
- jasper
-
- bsc#1247904 CVE-2025-8835:
Fix NULL pointer dereference in function jas_image_chclrspc
Add jasper-CVE-2025-8835.patch
- bsc#1247902 CVE-2025-8836:
Fix assertion failure in the jpc_floorlog2 function
Add jasper-CVE-2025-8836.patch
- bsc#1247901 CVE-2025-8837:
Fix use-after-free in function jpc_dec_dump
Add jasper-CVE-2025-8837.patch
- amazon-ssm-agent
-
- Add CVE-2025-47913.patch to fix an SSH client process terminating
when receiving an unexpected message type in response to a key
listing or signing request (bsc#1253611, CVE-2025-47913)
- openssl-1_1
-
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- vim
-
- Fix for bsc#1229750.
- nocompatible must be set before the syntax highlighting is turned on.
- Fix the following CVEs and bugs:
* bsc#1246602 (CVE-2025-53906)
* bsc#1246604 (CVE-2025-53905)
* bsc#1247939 (CVE-2025-55158)
* bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
9.1.1628: fuzzy.c has a few issues
9.1.1627: fuzzy matching can be improved
9.1.1626: cindent: does not handle compound literals
9.1.1625: Autocompletion slow with include- and tag-completion
9.1.1624: Cscope not enabled on MacOS
9.1.1623: Buffer menu does not handle unicode names correctly
9.1.1622: Patch v9.1.1432 causes performance regressions
9.1.1621: flicker in popup menu during cmdline autocompletion
9.1.1620: filetype: composer.lock and symfony.lock files not recognized
9.1.1619: Incorrect E535 error message
9.1.1618: completion: incorrect selected index returned from complete_info()
9.1.1617: Vim9: some error messages can be improved
9.1.1616: xxd: possible buffer overflow with bitwise output
9.1.1615: diff format erroneously detected
9.1.1614: Vim9: possible variable type change
9.1.1613: tests: test_search leaves a few swapfiles behind
9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
9.1.1611: possible undefined behaviour in mb_decompose()
9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
9.1.1609: complete: Heap-buffer overflow with complete function
9.1.1608: No command-line completion for :unsilent {command}
9.1.1607: :apple command detected as :append
9.1.1606: filetype: a few more files are not recognized
9.1.1605: cannot specify scope for chdir()
9.1.1604: completion: incsearch highlight might be lost
9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
9.1.1602: filetype: requirements-*.txt files are not recognized
9.1.1601: Patch v8.1.0425 was wrong
9.1.1600: using diff anchors with hidden buffers fails silently
9.1.1599: :bnext doesn't go to unlisted help buffers
9.1.1598: filetype: waybar config file is not recognized
9.1.1597: CI reports leaks in libgtk3 library
9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
9.1.1595: Wayland: non-portable use of select()
9.1.1594: completion: search completion throws errors
9.1.1593: Confusing error when compiling incomplete try block
9.1.1592: Vim9: crash with classes and garbage collection
9.1.1591: VMS support can be improved
9.1.1590: cannot perform autocompletion
9.1.1589: Cannot disable cscope interface using configure
9.1.1588: Vim9: cannot split dict inside command block
9.1.1587: Wayland: timeout not updated before select()
9.1.1586: Vim9: can define an enum/interface in a function
9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
9.1.1584: using ints as boolean type
9.1.1583: gvim window lost its icons
9.1.1582: style issue in vim9type.c and vim9generics.c
9.1.1581: possible memory leak in vim9generics.c
9.1.1580: possible memory leak in vim9type.c
9.1.1579: Coverity complains about unchecked return value
9.1.1578: configure: comment still mentions autoconf 2.71
9.1.1577: Vim9: no generic support yet
9.1.1576: cannot easily trigger wildcard expansion
9.1.1575: tabpanel not drawn correctly with wrapped lines
9.1.1574: Dead code in mbyte.c
9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
9.1.1572: expanding $var does not escape whitespace for 'path'
9.1.1571: CmdlineChanged triggered to often
9.1.1570: Copilot suggested some improvements in cmdexpand.c
9.1.1569: tests: Vim9 tests can be improved
9.1.1568: need a few more default highlight groups
9.1.1567: crash when using inline diff mode
9.1.1566: self-referenced enum may not get freed
9.1.1565: configure: does not consider tiny version for wayland
9.1.1564: crash when opening popup to closing buffer
9.1.1563: completion: ruler may disappear
9.1.1562: close button always visible in the 'tabline'
9.1.1561: configure: wayland test can be improved
9.1.1560: configure: uses $PKG_CONFIG before it is defined
9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
9.1.1558: str2blob() treats NULL string and empty string differently
9.1.1557: not possible to anchor specific lines in difff mode
9.1.1556: string handling in cmdexpand.c can be improved
9.1.1555: completion: repeated insertion of leader
9.1.1554: crash when omni-completion opens command-line window
9.1.1553: Vim9: crash when accessing a variable in if condition
9.1.1552: [security]: path traversal issue in tar.vim
9.1.1551: [security]: path traversal issue in zip.vim
9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
9.1.1549: filetype: pkl files are not recognized
9.1.1548: filetype: OpenFGA files are not recognized
9.1.1547: Wayland: missing ifdef
9.1.1546: Vim9: error with has() and short circuit evaluation
9.1.1545: typo in os_unix.c
9.1.1544: :retab cannot be limited to indentation only
9.1.1543: Wayland: clipboard appears to not be working
9.1.1542: Coverity complains about uninitialized variable
9.1.1541: Vim9: error when last enum value ends with a comma
9.1.1540: completion: menu state wrong on interruption
9.1.1539: completion: messages don't respect 'shm' setting
9.1.1537: helptoc: still some issues when markdown code blocks
9.1.1536: tests: test_plugin_comment uses wrong :Check command
9.1.1535: the maximum search count uses hard-coded value 99
9.1.1534: unnecessary code in tabpanel.c
9.1.1533: helptoc: does not handle code sections in markdown well
9.1.1532: termdebug: not enough ways to configure breakpoints
9.1.1531: confusing error with nested legacy function
9.1.1530: Missing version change in v9.1.1529
9.1.1529: Win32: the toolbar in the GUI is old and dated
9.1.1528: completion: crash with getcompletion()
9.1.1527: Vim9: Crash with string compound assignment
9.1.1526: completion: search completion match may differ in case
9.1.1525: tests: testdir/ is a bit messy
9.1.1524: tests: too many imports in the test suite
9.1.1523: tests: test_clipmethod fails in non X11 environment
9.1.1522: tests: still some ANSI escape sequences in test output
9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
9.1.1520: completion: search completion doesn't handle 'smartcase' well
9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
9.1.1518: getcompletiontype() may crash
9.1.1517: filetype: autopkgtest files are not recognized
9.1.1516: tests: no test that 'incsearch' is updated after search completion
9.1.1515: Coverity complains about potential unterminated strings
9.1.1514: Coverity complains about the use of tmpfile()
9.1.1513: resizing Vim window causes unexpected internal window width
9.1.1512: completion: can only complete from keyword characters
9.1.1511: tests: two edit tests change v:testing from 1 to 0
9.1.1510: Search completion may use invalid memory
9.1.1509: patch 9.1.1505 was not good
9.1.1508: string manipulation can be improved in cmdexpand.c
9.1.1507: symlinks are resolved on :cd commands
9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
9.1.1505: not possible to return completion type for :ex command
9.1.1504: filetype: numbat files are not recognized
9.1.1503: filetype: haxe files are not recognized
9.1.1502: filetype: quickbms files are not recognized
9.1.1501: filetype: flix files are not recognized
9.1.1500: if_python: typo in python error variable
9.1.1499: MS-Windows: no indication of ARM64 architecture
9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
9.1.1497: Link error with shm_open()
9.1.1496: terminal: still not highlighting empty cells correctly
9.1.1495: Wayland: uses $XDG_SEAT to determine seat
9.1.1494: runtime(tutor): no French translation for Chapter 2
9.1.1493: manually comparing positions on buffer
9.1.1492: tests: failure when Wayland compositor fails to start
9.1.1491: missing out-of-memory checks in cmdexpand.c
9.1.1490: 'wildchar' does not work in search contexts
9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
9.1.1487: :cl doesn't invoke :clist
9.1.1486: documentation issues with Wayland
9.1.1485: missing Wayland clipboard support
9.1.1484: tests: Turkish locale tests fails on Mac
9.1.1483: not possible to translation position in buffer
9.1.1482: scrolling with 'splitkeep' and line()
9.1.1481: gcc complains about uninitialized variable
9.1.1480: Turkish translation outdated
9.1.1479: regression when displaying localized percentage position
9.1.1478: Unused assignment in ex_uniq()
9.1.1476: no easy way to deduplicate text
9.1.1476: missing out-of-memory checks in cmdexpand.c
9.1.1475: completion: regression when "nearest" in 'completeopt'
9.1.1474: missing out-of-memory check in mark.c
9.1.1473: inconsistent range arg for :diffget/diffput
9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
9.1.1471: completion: inconsistent ordering with CTRL-P
9.1.1470: use-after-free with popup callback on error
9.1.1469: potential buffer-underflow with invalid hl_id
9.1.1468: filetype: bright(er)script files are not recognized
9.1.1467: too many strlen() calls
9.1.1466: filetype: not all lex files are recognized
9.1.1465: tabpanel: not correctly drawn with 'equalalways'
9.1.1464: gv does not work in operator-pending mode
9.1.1463: Integer overflow in getmarklist() after linewise operation
9.1.1462: missing change from patch v9.1.1461
9.1.1461: tabpanel: tabpanel vanishes with popup menu
9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
9.1.1459: xxd: coloring output is inefficient
9.1.1458: tabpanel: tabs not properly updated with 'stpl'
9.1.1457: compile warning with tabpanelopt
9.1.1456: comment plugin fails toggling if 'cms' contains \
9.1.1455: Haiku: dailog objects created with no reference
9.1.1454: tests: no test for pum at line break position
9.1.1453: tests: Test_geometry() may fail
9.1.1452: completion: redundant check for completion flags
9.1.1451: tabpanel rendering artifacts when scrolling
9.1.1450: Session has wrong arglist with :tcd and :arglocal
9.1.1449: typo in pum_display()
9.1.1448: tabpanel is not displayed correctly when msg_scrolled
9.1.1447: completion: crash when backspacing with fuzzy completion
9.1.1446: filetype: cuda-gdb config files are not recognized
9.1.1445: negative matchfuzzy scores although there is a match
9.1.1444: Unused assignment in set_fuzzy_score()
9.1.1443: potential buffer underflow in insertchar()
9.1.1442: tests: Test_diff_fold_redraw() is insufficient
9.1.1441: completion: code can be improved
9.1.1440: too many strlen() calls in os_win32.c
9.1.1439: Last diff folds not merged
9.1.1438: tests: Test_breakindent_list_split() fails
9.1.1437: MS-Windows: internal compile error in uc_list()
9.1.1436: GUI control code is displayed on the console on startup
9.1.1435: completion: various flaws in fuzzy completion
9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
9.1.1433: Unnecessary :if when writing session
9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
9.1.1431: Hit-Enter Prompt when loading session files
9.1.1430: tabpanel may flicker in the GUI
9.1.1429: dragging outside the tabpanel changes tabpagenr
9.1.1428: completion: register completion needs cleanup
9.1.1427: rendering artifacts with the tabpanel
9.1.1426: completion: register contents not completed
9.1.1425: tabpanel: there are still some problems with the tabpanel
9.1.1424: PMenu selection broken with multi-line selection and limits
9.1.1423: :tag command not working correctly using Vim9 Script
9.1.1422: scheduling of complete function can be improved
9.1.1421: tests: need a test for the new-style tutor.tutor
9.1.1420: tests: could need some more tests for shebang lines
9.1.1419: It is difficult to ignore all but some events
9.1.1418: configures GUI auto detection favors GTK2
9.1.1417: missing info about register completion in complete_info()
9.1.1416: completion limits not respected for fuzzy completions
9.1.1415: potential use-after free when there is an error in 'tabpanel'
9.1.1414: MS-Windows: compile warnings in os_win32.c
9.1.1413: spurious CursorHold triggered in GUI on startup
9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
9.1.1411: crash when calling non-existing function for tabpanel
9.1.1410: out-of-bounds access with 'completefunc'
9.1.1409: using f-flag in 'complete' conflicts with Neovim
9.1.1408: not easily possible to complete from register content
9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
- samba
-
- CVE-2025-9640: fix vfs_streams_xattr uninitialized memory write;
(bsc#1251279);(bso#15885).
- CVE-2025-10230: fix command Injection in WINS Server Hook Script;
(bsc#1251280);(bso#15903).
- xkbcomp
-
- 0001-xkbcomp-Don-t-crash-on-no-op-modmask-expressions.patch
(CVE-2018-15863, bsc#1105832)
- 0002-xkbcomp-Don-t-falsely-promise-from-ExprResolveLhs.patch
(CVE-2018-15861, bsc#1105832)
- 0003-Fail-expression-lookup-on-invalid-atoms.patch
(CVE-2018-15859, bsc#1105832)
- 0004-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch
(CVE-2018-15853, bsc#1105832)
- rsync
-
- Fix bsc#1249363 - rsync client sometimes unable to list modules
* Fix order of arguments in rsync-fix-daemon-proto-32.patch
* Change spec fie to use %patch -P n -p1 syntax to conform to rpmlint
- python3
-
- Fix the build system with two patches:
- spc-tab-Makefile-pre-in.patch there are space-indended lines
in the Makefile.pre.in in tarball (!!!), fix that
- Modules_Setup.patch, Modules/makesetup script is kind of
broken (gh#python/cpython!4338 among others)
- time-static.patch make time module statically built into the
interpreter
- Add s390-build.patch to skip failing test on s390.
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Add also two small patches:
- lchmod-non-support.patch adding @requires_lchmod operator
for skipping tests on platforms were changing the mode of
symbolic links is supported (which it isn’t in SLE-12,
apparently).
- locale-test_float_with_commad.patch for decoding byte strings
in localeconv() for consistent output
- Update pip wheel to pip-20.2.3-py2.py3-none-any.whl.
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- Readjust patches while synchronizing between openSUSE and SLE trees:
- 99366-patch.dict-can-decorate-async.patch
- CVE-2007-4559-filter-tarfile_extractall.patch
- CVE-2020-10735-DoS-no-limit-int-size.patch
- CVE-2024-6232-ReDOS-backtrack-tarfile.patch
- CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
- CVE-2025-8194-tarfile-no-neg-offsets.patch
- python-3.6.0-multilib-new.patch
- python3-sorted_tar.patch
- avahi
-
- Add avahi-CVE-2024-52615.patch:
Backport 4e2e1ea from upstream, Resolve fixed source ports for
wide-area DNS queries cause DNS responses be injected.
(CVE-2024-52615, bsc#1233421)
- pacemaker
-
- fencer: improve self-fencing logs (bsc#1249419)
* bsc#1249419-0002-Log-fencer-improve-self-fencing-logs.patch
- fenced: DC node fencing is unconditionally relayed. (bsc#1249419)
* bsc#1249419-0001-Mid-fenced-DC-node-fencing-is-unconditionally-relaye.patch
- libxml2
-
- security update
- added patches
https://gitlab.gnome.org/GNOME/libxml2/-/commit/852c93a2dc2224f020aab55a9702f992db404836
* libxml2-CVE-2025-9714-0.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/5153c7baceca65f575efdcbb0244860d97031f96
* libxml2-CVE-2025-9714-1.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/64115ed62dd01dab81a9157a54738523fe117333
* libxml2-CVE-2025-9714-2.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2d97a97aa515f1bd3efc35c8ea2aa68676c6f8e1
* libxml2-CVE-2025-9714-3.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/012f8e92847a4e5ff684e7bd8e81a0b1ad104e32
* libxml2-CVE-2025-9714-4.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/949eced484520bdde3348e55eba048501b809127
* libxml2-CVE-2025-9714-5.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/390f05e7033fa8658f310dce9704f4f88e84b7fe
* libxml2-CVE-2025-9714-6.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/429d4ecaae5d61d591f279220125a583836fb84e
* libxml2-CVE-2025-9714-7.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6f1470a5d6e3e369fe93f52d5760ba7c947f0cd1
* libxml2-CVE-2025-9714-8.patch
https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21
* libxml2-CVE-2025-9714.patch
- security update
- added patches
CVE-2025-8732 [bsc#1247850], infinite recursion in catalog parsing functions when processing malformed SGML catalog files
* libxml2-CVE-2025-8732.patch
- grub2
-
- Fix CVE-2025-54771 (bsc#1252931)
* 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
- Fix CVE-2025-61662 (bsc#1252933)
* 0002-gettext-gettext-Unregister-gettext-command-on-module.patch
- Fix CVE-2025-61663 (bsc#1252934)
- Fix CVE-2025-61664 (bsc#1252935)
* 0003-normal-main-Unregister-commands-on-module-unload.patch
* 0004-tests-lib-functional_test-Unregister-commands-on-mod.patch
- Fix CVE-2025-61661 (bsc#1252932)
* 0005-commands-usbtest-Use-correct-string-length-field.patch
* 0006-commands-usbtest-Ensure-string-length-is-sufficient-.patch
- Bump upstream SBAT generation to 6
- kernel-default
-
- Revert "fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033 CVE-2025-39967)"
This reverts commit ef5b27e0395e36f32d5881894b4deb2dc992343a.
- commit 541fc90
- Revert "fbcon: Fix OOB access in font allocation (bsc#1252033)"
This reverts commit d696663168f05fd9eb1b90bb1be489edf7001e6b.
- commit 3f75577
- wifi: ath9k: Fix potential stack-out-of-bounds write in
ath9k_wmi_rsp_callback() (CVE-2023-53717 bsc#1252560).
- commit 469787a
- net: sched: cls_u32: Undo tcf_bind_filter if
u32_replace_hw_knode (CVE-2023-53733 bsc#1252685).
- commit 308a4a1
- udf: Preserve link count of system files (bsc#1252539
CVE-2023-53695).
- commit c7818f7
- udf: Detect system inodes linked into directory hierarchy
(bsc#1252539 CVE-2023-53695).
- commit 9e1ad9a
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type
(CVE-2025-40088 bsc#1252909).
- commit b682724
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(CVE-2025-40082 bsc#1252775).
- commit 71ba5db
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
(CVE-2025-40088 bsc#1252904).
- commit 3401643
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- commit 0f034b6
- bpf: Explicitly check accesses to bpf_sock_addr (CVE-2025-40078
bsc#1252789).
- commit 62aaf66
- Squashfs: fix uninit-value in squashfs_get_parent (bsc#1252822
CVE-2025-40049).
- commit acc9cea
- fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785 CVE-2025-40044).
- commit 7dc17e9
- drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1250764 CVE-2021-4460)
- commit 033f866
- pnode: terminate at peers of source (CVE-2022-50280 bsc#1249806)
- commit 628cc9e
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg (CVE-2025-39931 bsc#1251100).
- commit 904e401
- btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure (CVE-2022-50571 bsc#1252487)
- commit 8e09358
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (bsc#1252632 CVE-2023-53707)
- commit 73d1a0a
- Update
patches.suse/0086-dm-thin-Fix-UAF-in-run_timer_softirq.patch
(git-fixes CVE-2022-50563 bsc#1252480).
- Update patches.suse/hfs-fix-OOB-Read-in-__hfs_brec_find.patch
(git-fixes CVE-2022-50581 bsc#1252549).
- Update
patches.suse/md-raid1-fix-potential-OOB-in-raid1_remove_disk-8b04.patch
(git-fixes CVE-2023-53722 bsc#1252499).
- Update
patches.suse/s390-netiucv-Fix-return-type-of-netiucv_tx.patch
(git-fixes bsc#1212175 CVE-2022-50564 bsc#1252538).
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-qla2x00_probe_one.patch
(git-fixes CVE-2023-53696 bsc#1252513).
- Update
patches.suse/scsi-ses-Fix-possible-addl_desc_ptr-out-of-bounds-accesses.patch
(git-fixes CVE-2023-7324 bsc#1252893).
- commit 6722787
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- commit d696663
- fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033 CVE-2025-39967)
- commit ef5b27e
- kABI fix for net: vlan: fix VLAN 0 refcount imbalance of
toggling filtering during runtime (CVE-2025-38470 bsc#1247288).
- commit 589d82f
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
(CVE-2025-39997 bsc#1252056).
- commit a51d8e6
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (CVE-2022-50505 bsc#1251086)
- commit 8687154
- drm/hisilicon/hibmc: fix the hibmc loaded failed bug (CVE-2025-39772 bsc#1249506)
- commit d8e1da7
- ipvs: Defer ip_vs_ftp unregister during netns cleanup
(CVE-2025-40018 bsc#1252688).
- commit 69275ca
- ext4: fix bug in extents parsing when eh_entries == 0 and
eh_depth > 0 (bsc#1223475 CVE-2022-48631).
- commit 70236d6
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request()
(git-fixes).
- commit 757a6b5
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
(CVE-2025-39955 bsc#1251804).
- ipv6: Fix out-of-bounds access in ipv6_find_tlv()
(CVE-2023-53705 bsc#1252554).
- commit 171d7f3
- Revert "e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898"
This reverts commit 2836e8d8d652cc9b552b6399525f14e15353483b.
- commit 0a9731b
- Revert "Refresh"
This reverts commit 9531965fe99a2d5cc7f092699c30780cd95fe9e3.
- Revert "Refresh"
This reverts commit bbde1b2cc3e31ca5dab4e71e08f50d277c0dcf13.
- commit 1af8647
- md: fix soft lockup in status_resync (bsc1251318,
CVE-2023-53620).
- commit 8f3ae24
- i40e: add max boundary check for VF filters (CVE-2025-39968
bsc#1252047).
- i40e: fix idx validation in i40e_validate_queue_map
(CVE-2025-39972 bsc#1252039).
- i40e: add validation for ring_len param (CVE-2025-39973
bsc#1252035).
- qed: Don't collect too many protection override GRC elements
(CVE-2025-39949 bsc#1251177).
- commit bc08ffd
- lib: cpu_rmap: Fix potential use-after-free in
irq_cpu_rmap_release() (CVE-2023-53484 bsc#1250895).
- commit d30b615
- lib: cpu_rmap: Avoid use after free on rmap->obj array entries
(CVE-2023-53484 bsc#1250895).
- commit 3aa6f20
- wifi: cfg80211: reject auth/assoc to AP with our address
(CVE-2023-53540 bsc#1251053).
- commit ee3b008
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
(CVE-2023-53715 bsc#1252545).
- commit 9b29c92
- i40e: fix idx validation in config queues msg (CVE-2025-39971 bsc#1252052)
- commit c33db33
- i40e: Add bounds check for ch[] array (CVE-2025-39971 bsc#1252052)
- commit bf307ec
- i40e: fix input validation logic for action_meta (CVE-2025-39970 bsc#1252051)
- commit 4e82f01
- i40e: Fix filter input checks to prevent config with invalid values (CVE-2025-39970 bsc#1252051)
- commit 57297d8
- net: sched: sfb: fix null pointer access issue when sfb_init()
fails (CVE-2022-50356 bsc#1250040).
- commit 882fd64
- tty: serial: samsung_tty: Fix a memory leak in
s3c24xx_serial_getclk() when iterating clk (CVE-2023-53687
bsc#1251772).
- commit 653cf6a
- cifs: Release folio lock on fscache read hit (CVE-2023-53593 bsc#1251132)
- commit 6362ac3
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (CVE-2025-39923 bsc#1250741)
- commit fbf8fb9
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (CVE-2025-39876 bsc#1250400)
- commit bd6ed1f
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
- commit e2ece38
- netfilter: conntrack: fix wrong ct->timeout value
(CVE-2023-53635 bsc#1251524).
- commit cb2dbc3
- scsi: iscsi_tcp: Check that sock is valid before
iscsi_set_param() (git-fixes).
- commit f85971b
- Refresh
patches.suse/e1000e-fix-heap-overflow-in-e1000_set_eeprom.patch.
Let check_add_overflow perform its intended duty.
- commit bbde1b2
- smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path (CVE-2025-39929 bsc#1251036)
- commit 33a9326
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (CVE-2025-39911 bsc#1250704)
- commit 18ff544
- sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812 bsc#1250202)
- commit 262d224
- integrity: Fix memory leakage in keyring allocation error path (CVE-2022-50395 bsc#1250211)
- commit 89f3524
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (CVE-2022-50249 bsc#1249747)
- commit a04f0d4
- openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1249854)
- commit 5c8a374
- net: openvswitch: fix race on port output (CVE-2023-53188 bsc#1249854)
- commit 02a1cae
- ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702 bsc#1249317)
- commit 6728b5c
- sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718 bsc#1249161)
- commit 084aea4
- serial: 8250: fix panic due to PSLVERR (CVE-2025-39724 bsc#1249265)
- commit 9d4bd1b
- scsi: qla4xxx: Prevent a potential error pointer dereference (CVE-2025-39676 bsc#1249302)
- commit a7b1238
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (CVE-2025-38680 bsc#1249203)
- commit c6c8afe
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling
getpeername() (CVE-2022-50459 bsc#1250850).
- commit 3807688
- blk-mq: fix NULL dereference on q->elevator in
blk_mq_elv_switch_none (CVE-2023-53292 bsc#1250163).
- blk-mq: protect q->elevator by ->sysfs_lock in
blk_mq_elv_switch_none (CVE-2023-53292 bsc#1250163).
- commit f60e1b9
- netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
(CVE-2023-53619 bsc#1251743).
- commit d9a3ca9
- NFSv4.1: fix backchannel max_resp_sz verification check
(bsc#1247518).
- commit 4f042cf
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
The character was previously 'N', but upstream used it for TAINT_TEST,
which prompted the change of TAINT_NO_SUPPORT to 'n'. This occurred in
commit c35dc3823d08 ("Update to 6.0-rc1") on master and in d016c04d731d
("Bump to 6.4 kernel (jsc#PED-4593)") for SLE15-SP6 (and onwards).
Update the documentation to reflect this change.
- commit f42ecf5
- ALSA: ac97: Fix possible error value of *rac97 (CVE-2023-53648
bsc#1251750).
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
(CVE-2023-53648 bsc#1251750).
- commit 3add5a8
- tipc: add tipc_bearer_min_mtu to calculate min mtu
(CVE-2023-53517 bsc1250919).
- commit af0b7c0
- tipc: do not update mtu if msg_max is too small in mtu
negotiation (CVE-2023-53517 bsc#1250919).
- commit 246819a
- btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range (CVE-2022-50293 bsc#1249752)
- commit 674444e
- btrfs: exit gracefully if reloc roots don't match (CVE-2023-53183 bsc#1249863)
- commit 5aefca3
- btrfs: fix BUG_ON condition in btrfs_cancel_balance (CVE-2023-53339 bsc#1250329)
- commit e64f98a
- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
(bsc#1249260 CVE-2025-38714).
- commit d550dcb
- nfsd: handle get_client_locked() failure in
nfsd4_setclientid_confirm() (bsc#1249169 CVE-2025-38724).
- commit 7ce8b22
- net/sched: sch_fq: fix integer overflow of "credit"
(CVE-2023-53624 bsc#1251333).
- commit 4033336
- pNFS: Fix uninited ptr deref in block/scsi layout (bsc#1249215
CVE-2025-38691).
- commit b3165ea
- Update
patches.suse/0003-fbdev-omapfb-lcd_mipid-Fix-an-error-handling-path-in.patch
(bsc#1154048 CVE-2023-53650 bsc#1251283).
- Update patches.suse/0087-dm-cache-Fix-UAF-in-destroy.patch
(git-fixes CVE-2022-50496 bsc#1251091).
- Update
patches.suse/0088-dm-thin-Fix-ABBA-deadlock-between-shrink_slab-and-dm_pool_abort_metadata.patch
(git-fixes CVE-2022-50549 bsc#1251550).
- Update
patches.suse/0092-dm-thin-Use-last-transaction-s-pmd-root-when-commit-failed.patch
(git-fixes CVE-2022-50534 bsc#1251292).
- Update
patches.suse/Input-raspberrypi-ts-fix-refcount-leak-in-rpi_ts_pro.patch
(git-fixes CVE-2023-53533 bsc#1251080).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124 CVE-2022-50487
bsc#1251208).
- Update
patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-failur-80fc.patch
(git-fixes CVE-2023-53681 bsc#1251769).
- Update
patches.suse/bpf-sockmap-Fix-repeated-calls-to-sock_put-when-msg-.patch
(bsc#1235485 CVE-2024-56633 CVE-2022-50536 bsc#1251293).
- Update
patches.suse/btrfs-output-extra-debug-info-if-we-failed-to-find-a.patch
(bsc#1215136 CVE-2023-53672 bsc#1251780).
- Update
patches.suse/dm-integrity-call-kmem_cache_destroy-in-dm_integrity-6b79.patch
(git-fixes CVE-2023-53604 bsc#1251210).
- Update
patches.suse/firmware-raspberrypi-fix-possible-memory-leak-in-rpi.patch
(git-fixes CVE-2022-50537 bsc#1251294).
- Update
patches.suse/fs-hfsplus-remove-WARN_ON-from-hfsplus_cat_-read-write-_inode.patch
(git-fixes CVE-2023-53683 bsc#1251329).
- Update
patches.suse/gfs2-Fix-possible-data-races-in-gfs2_show_options.patch
(git-fixes CVE-2023-53622 bsc#1251777).
- Update
patches.suse/ipmi-Cleanup-oops-on-initialization-failure.patch
(FATE#326156 CVE-2023-53611 bsc#1251123).
- Update
patches.suse/media-coda-Add-check-for-dcoda_iram_alloc.patch
(git-fixes CVE-2022-50501 bsc#1251099).
- Update patches.suse/media-coda-Add-check-for-kmalloc.patch
(git-fixes CVE-2022-50509 bsc#1251522).
- Update patches.suse/media-radio-shark-Add-endpoint-checks.patch
(git-fixes CVE-2023-53644 bsc#1251736).
- Update
patches.suse/msft-hv-2870-Drivers-hv-vmbus-Don-t-dereference-ACPI-root-object-.patch
(git-fixes CVE-2023-53647 bsc#1251732).
- Update
patches.suse/net-cdc_ncm-Deal-with-too-low-values-of-dwNtbOutMaxS.patch
(git-fixes CVE-2023-53667 bsc#1251761).
- Update
patches.suse/ocfs2-fix-defrag-path-triggering-jbd2-ASSERT.patch
(git-fixes CVE-2023-53564 bsc#1251072).
- Update
patches.suse/powerpc-rtas-avoid-scheduling-in-rtas_os_term.patch
(bsc#1065729 CVE-2022-50504 bsc#1251182).
- Update
patches.suse/ring-buffer-Fix-deadloop-issue-on-reading-trace_pipe.patch
(git-fixes CVE-2023-53668 bsc#1251286).
- Update
patches.suse/ring-buffer-Sync-IRQ-works-before-buffer-destruction.patch
(git-fixes CVE-2023-53587 bsc#1251128).
- Update
patches.suse/s390-zcrypt-don-t-leak-memory-if-dev_set_name-fails.patch
(git-fixes bsc#1215152 CVE-2023-53568 bsc#1251035).
- Update
patches.suse/scsi-mpt3sas-Fix-possible-resource-leaks-in-mpt3sas_transport_port_add.patch
(git-fixes CVE-2022-50532 bsc#1251300).
- Update
patches.suse/scsi-qla2xxx-Avoid-fcport-pointer-dereference.patch
(bsc#1213747 CVE-2023-53603 bsc#1251180).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch
(jsc#PED-568 CVE-2022-50493 bsc#1251088).
- Update
patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch
(bsc#1213747 CVE-2023-53615 bsc#1251113).
- Update
patches.suse/scsi-ses-Fix-possible-desc_ptr-out-of-bounds-accesses.patch
(git-fixes CVE-2023-53675 bsc#1251325).
- Update
patches.suse/usb-host-xhci-Fix-potential-memory-leak-in-xhci_allo.patch
(git-fixes CVE-2022-50544 bsc#1251725).
- Update
patches.suse/xhci-Remove-device-endpoints-from-bandwidth-list-whe.patch
(git-fixes CVE-2022-50470 bsc#1251202).
- commit a902bff
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367 bsc#1250277)
- commit d8f49e5
- cnic: Fix use-after-free bugs in cnic_delete_task
(CVE-2025-39945 bsc#1251230).
- iavf: Fix use-after-free in free_netdev (CVE-2023-53556
bsc#1251059).
- commit afb4745
- wifi: iwlwifi: mvm: don't trust firmware n_channels
(CVE-2023-53589 bsc#1251129).
- commit 988e8e2
- driver core: fix resource leak in device_add() (CVE-2023-53594
bsc#1251166).
- commit 5614ed9
- wifi: brcmfmac: ensure CLM version is null-terminated to
prevent stack-out-of-bounds (CVE-2023-53582 bsc#1251061).
- commit fad0717
- tracing: Add down_write(trace_event_sem) when adding trace event
(bsc#1248211 CVE-2025-38539).
- commit e8323f2
- ftrace: Also allocate and copy hash for reading of filter files
(bsc#1250032 CVE-2025-39813).
- commit fc74b08
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
(bsc#1251197 CVE-2022-50485).
- commit e7befdc
- fs: writeback: fix use-after-free in __mark_inode_dirty()
(bsc#1250455 CVE-2025-39866).
- commit 71bbea8
- fs: Prevent file descriptor table allocations exceeding INT_MAX
(bsc#1249512 CVE-2025-39756).
- commit a3d8b0c
- ftrace: Fix potential warning in trace_printk_seq during
ftrace_dump (bsc#1250032 CVE-2025-39813).
- commit 4308207
- trace/fgraph: Fix the warning caused by missing unregister
notifier (bsc#1248211 CVE-2025-38539).
- commit 44bb2c8
- ipv6: Add lwtunnel encap size of all siblings in nexthop
calculation (CVE-2023-53477 bsc#1250840).
- commit 9c1503d
- drivers: base: Free devm resources when unregistering a device
(CVE-2023-53596 bsc#1251161).
- commit b016181
- media: v4l2-mem2mem: add lock to protect parameter num_rdy
(CVE-2023-53519 bsc#1250964).
- commit d68a51f
- ip_vti: fix potential slab-use-after-free in decode_session6
(CVE-2023-53559 bsc#1251052).
- commit 688b608
- Refresh
patches.suse/e1000e-fix-heap-overflow-in-e1000_set_eeprom.patch.
- commit 9531965
- ACPICA: Fix use-after-free in
acpi_ut_copy_ipackage_to_ipackage() (CVE-2022-50423
bsc#1250784).
- commit e5308a6
- scsi: lpfc: Fix buffer free/clear order in deferred receive path
(CVE-2025-39841 bsc#1250274).
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory
is allocated (CVE-2025-38700 bsc#1249182).
- scsi: bfa: Double-free fix (CVE-2025-38699 bsc#1249224).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs
firmware write (CVE-2023-53282 bsc#1250311).
- scsi: target: iscsi: Fix a race condition between login_work
and the login thread (CVE-2022-50350 bsc#1250261).
- commit 204e345
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
(CVE-2023-53548 bsc#1251066).
- blacklist.conf: CVE unknown at the time
- commit 7beb085
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (bsc#1250768 CVE-2022-50443)
- commit b56de15
- fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741
CVE-2022-50516).
- commit 09e6897
- af_unix: Fix data-races around user->unix_inflight
(CVE-2023-53204 bsc#1249682).
- commit 77897d4
- media: si470x: Fix use-after-free in si470x_int_in_callback()
(CVE-2022-50542 bsc#1251330).
- commit 29b7473
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (CVE-2022-50327 bsc#1249859)
- commit 18b9822
- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport
structure (CVE-2025-38695 bsc#1249285).
- commit a538909
- cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
(CVE-2022-50481 bsc#1251051).
- commit e12557d
- lwt: Fix return values of BPF xmit ops (bsc#1250074
CVE-2023-53338).
- commit 6dcc27e
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (CVE-2022-50394 bsc#1250107)
- commit 473df14
- wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185 bsc#1249820)
- commit ee941e7
- irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains (CVE-2023-53191 bsc#1249721)
- commit 3a22168
- ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() (CVE-2023-53271 bsc#1249916)
- commit 0c5e1f7
- media: bdisp: Add missing check for create_workqueue (CVE-2023-53289 bsc#1249941)
- commit a94aab1
- crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373 bsc#1250137)
- commit dd42b1d
- iommu/mediatek: Fix crash on isr after kexec() (CVE-2022-50236
bsc#1249702).
- commit 97b644f
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (CVE-2023-53476 bsc#1250839)
- commit 04895ff
- e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898
bsc#1250742).
- net: add vlan_get_protocol_and_depth() helper (CVE-2023-53433
bsc#1250164).
- commit 2836e8d
- drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (CVE-2022-50242 bsc#1249696)
- commit 2d1b74b
- igb: Do not bring the device up after non-fatal error
(CVE-2023-53148 bsc#1249842).
- commit d58ebba
- net: If sock is dead don't access sock's sk_wq in
sk_stream_wait_memory (CVE-2022-50409 bsc#1250392).
- commit d8d8ecd
- ppp: fix memory leak in pad_compress_skb (CVE-2025-39847
bsc#1250292).
- gve: prevent ethtool ops after shutdown (CVE-2025-38735
bsc#1249288).
- igb: Fix igb_down hung on surprise removal (CVE-2023-53148
bsc#1249842).
- qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable()
failure (CVE-2022-50288 bsc#1249802).
- igb: Do not free q_vector unless new one was allocated
(CVE-2022-50252 bsc#1249846).
- commit 0b4ef82
- Update
patches.suse/0001-media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
(bsc#1209291 CVE-2023-28328 CVE-2022-50272 bsc#1249808).
- Update
patches.suse/0001-ubi-ensure-that-VID-header-offset-VID-header-size-al.patch
(bsc#1210584 CVE-2023-53265 bsc#1249908).
- Update
patches.suse/0001-wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
(bsc#1209287 CVE-2023-1380 CVE-2023-53213 bsc#1249918).
- Update
patches.suse/0012-md-Replace-snprintf-with-scnprintf.patch
(git-fixes bsc#1164051 CVE-2022-50299 bsc#1249734).
- Update patches.suse/NFS-Fix-an-Oops-in-nfs_d_automount.patch
(git-fixes CVE-2022-50385 bsc#1250131).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124 CVE-2022-50410
bsc#1250187).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-Rdir.patch
(bsc#1205128 CVE-2022-43945 CVE-2022-50235 bsc#1249667).
- Update
patches.suse/PCI-ASPM-Disable-ASPM-on-MFD-function-removal-to-avo.patch
(git-fixes CVE-2023-53446 bsc#1250145).
- Update
patches.suse/blk-mq-fix-possible-memleak-when-register-hctx-failed-4b7a.patch
(git-fixes CVE-2022-50434 bsc#1250792).
- Update
patches.suse/bpf-make-sure-skb-len-0-when-redirecting-to-a-tunnel.patch
(CVE-2022-49975 bsc#1245196 CVE-2022-50253 bsc#1249912).
- Update
patches.suse/btrfs-fix-resolving-backrefs-for-inline-extent-follo.patch
(bsc#1213133 CVE-2022-50456 bsc#1250856).
- Update
patches.suse/chardev-fix-error-handling-in-cdev_device_add.patch
(git-fixes CVE-2022-50282 bsc#1249739).
- Update
patches.suse/cifs-Fix-memory-leak-when-build-ntlmssp-negotiate-blob-failed.patch
(bsc#1190317 CVE-2022-50372 bsc#1250052).
- Update
patches.suse/cifs-Fix-warning-and-UAF-when-destroy-the-MR-list.patch
(bsc#1190317 CVE-2023-53427 bsc#1250168).
- Update patches.suse/cifs-Fix-xid-leak-in-cifs_create-.patch
(bsc#1190317 CVE-2022-50351 bsc#1249925).
- Update patches.suse/cifs-Fix-xid-leak-in-cifs_flock-.patch
(bsc#1190317 CVE-2022-50460 bsc#1250879).
- Update
patches.suse/cifs-fix-DFS-traversal-oops-without-CONFIG_CIFS_DFS_UPCALL.patch
(bsc#1190317 CVE-2023-53246 bsc#1249867).
- Update
patches.suse/drm-vmwgfx-Validate-the-box-size-for-the-snooped-cur.patch
(bsc#1203332 CVE-2022-36280 CVE-2022-50440 bsc#1250853).
- Update
patches.suse/ext4-avoid-crash-when-inline-data-creation-follows-D.patch
(bsc#1206883 CVE-2022-50435 bsc#1250799).
- Update
patches.suse/ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch
(bsc#1213016 CVE-2023-53149 bsc#1249882).
- Update
patches.suse/ext4-fix-i_disksize-exceeding-i_size-problem-in-pari.patch
(bsc#1213015 CVE-2023-53270 bsc#1249872).
- Update
patches.suse/ext4-fix-null-ptr-deref-in-ext4_write_info.patch
(bsc#1206884 CVE-2022-50344 bsc#1250014).
- Update
patches.suse/ext4-init-quota-for-old.inode-in-ext4_rename.patch
(bsc#1207629 CVE-2022-50346 bsc#1250044).
- Update
patches.suse/firmware-dmi-sysfs-Fix-null-ptr-deref-in-dmi_sysfs_r.patch
(bsc#1238467 CVE-2023-53250 bsc#1249727).
- Update
patches.suse/genirq-ipi-Fix-NULL-pointer-deref-in-irq_data_get_af.patch
(git-fixes CVE-2023-53332 bsc#1249951).
- Update
patches.suse/ipv6-addrconf-fix-a-potential-refcount-underflow-for.patch
(git-fixes CVE-2023-53189 bsc#1249894).
- Update
patches.suse/jbd2-check-jh-b_transaction-before-removing-it-from-.patch
(bsc#1214953 CVE-2023-53526 bsc#1250928).
- Update
patches.suse/kernfs-fix-use-after-free-in-__kernfs_remove.patch
(git-fixes CVE-2022-50432 bsc#1250851).
- Update
patches.suse/kprobes-Fix-check-for-probe-enabled-in-kill_kprobe.patch
(git-fixes CVE-2022-50266 bsc#1249810).
- Update patches.suse/md-fix-a-crash-in-mempool_free-3410.patch
(git-fixes CVE-2022-50381 bsc#1250257).
- Update
patches.suse/md-raid10-check-slab-out-of-bounds-in-md_bitmap_get_-3018.patch
(git-fixes CVE-2023-53357 bsc#1249994).
- Update
patches.suse/md-raid10-fix-leak-of-r10bio-remaining-for-recovery-2620.patch
(git-fixes CVE-2023-53299 bsc#1249927).
- Update
patches.suse/md-raid10-fix-null-ptr-deref-of-mreplace-in-raid10_s-3481.patch
(git-fixes CVE-2023-53380 bsc#1250198).
- Update
patches.suse/md-raid10-fix-wrong-setting-of-max_corr_read_errors-f8b2.patch
(git-fixes CVE-2023-53313 bsc#1249911).
- Update
patches.suse/md-raid10-prevent-soft-lockup-while-flush-writes-0104.patch
(git-fixes CVE-2023-53151 bsc#1249865).
- Update
patches.suse/msft-hv-2841-scsi-storvsc-Fix-handling-of-virtual-Fibre-Channel-t.patch
(git-fixes CVE-2023-53245 bsc#1249641).
- Update
patches.suse/net-fec-Better-handle-pm_runtime_get-failing-in-.rem.patch
(git-fixes CVE-2023-53308 bsc#1250045).
- Update
patches.suse/netfilter-conntrack-dccp-copy-entire-header-to-stack.patch
(CVE-2023-39197 bsc#1216976 CVE-2023-53333 bsc#1249949).
- Update
patches.suse/netlink-avoid-infinite-retry-looping-in-netlink_unic.patch
(CVE-2025-38465 bsc#1247118 CVE-2025-38727 bsc#1249166).
- Update
patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch
(git-fixes CVE-2022-50401 bsc#1250140).
- Update
patches.suse/ocfs2-fix-memory-leak-in-ocfs2_stack_glue_init.patch
(git-fixes CVE-2022-50289 bsc#1249981).
- Update
patches.suse/powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch
(bsc#1065729 CVE-2023-53326 bsc#1250071).
- Update
patches.suse/pstore-ram-Check-start-of-empty-przs-during-init.patch
(git-fixes CVE-2023-53331 bsc#1249950).
- Update
patches.suse/rbd-avoid-use-after-free-in-do_rbd_add-when-rbd_dev_-f7c4.patch
(git-fixes CVE-2023-53307 bsc#1250043).
- Update
patches.suse/sched-fair-Don-t-balance-task-to-its-current-running-CPU.patch
(git fixes (sched) CVE-2023-53215 bsc#1250397).
- Update
patches.suse/scsi-core-Fix-possible-memory-leak-if-device_add-fails.patch
(git-fixes CVE-2023-53174 bsc#1250024).
- Update
patches.suse/scsi-fcoe-Fix-transport-not-deattached-when-fcoe_if_init-fails.patch
(git-fixes CVE-2022-50414 bsc#1250183).
- Update
patches.suse/scsi-libsas-Fix-use-after-free-bug-in-smp_execute_task_sg.patch
(git-fixes CVE-2022-50422 bsc#1250774).
- Update patches.suse/scsi-mpt3sas-Fix-a-memory-leak.patch
(git-fixes CVE-2023-53512 bsc#1250915).
- Update
patches.suse/scsi-qla2xxx-Fix-potential-NULL-pointer-dereference.patch
(bsc#1213747 CVE-2023-53451 bsc#1250831).
- Update
patches.suse/scsi-qla2xxx-Pointer-may-be-dereferenced.patch
(bsc#1213747 CVE-2023-53150 bsc#1249853).
- Update
patches.suse/scsi-qla2xxx-Remove-unused-nvme_ls_waitq-wait-queue.patch
(bsc#1213747 CVE-2023-53280 bsc#1249938).
- Update
patches.suse/scsi-qla2xxx-Use-raw_smp_processor_id-instead-of-smp.patch
(git-fixes CVE-2023-53530 bsc#1250949).
- Update
patches.suse/scsi-qla2xxx-Wait-for-io-return-on-terminate-rport.patch
(bsc#1211960 CVE-2023-53322 bsc#1250323).
- Update
patches.suse/scsi-qla4xxx-Add-length-check-when-parsing-nlattrs.patch
(git-fixes CVE-2023-53456 bsc#1250765).
- Update
patches.suse/scsi-ses-Fix-slab-out-of-bounds-in-ses_intf_remove.patch
(git-fixes CVE-2023-53521 bsc#1250965).
- Update
patches.suse/scsi-snic-Fix-possible-memory-leak-if-device_add-fails.patch
(git-fixes CVE-2023-53436 bsc#1250156).
- Update
patches.suse/tpm-tpm_crb-Add-the-missed-acpi_put_table-to-fix-mem.patch
(bsc#1082555 CVE-2022-50389 bsc#1250121).
- Update
patches.suse/tracing-Fix-race-issue-between-cpu-buffer-write-and-swap.patch
(git-fixes CVE-2023-53368 bsc#1249979).
- Update
patches.suse/udf-Do-not-bother-merging-very-long-extents.patch
(bsc#1213040 CVE-2023-53506 bsc#1250963).
- Update
patches.suse/udf-Do-not-update-file-length-for-failed-writes-to-i.patch
(bsc#1213041 CVE-2023-53295 bsc#1250324).
- Update
patches.suse/udf-Fix-uninitialized-array-access-for-some-pathname.patch
(bsc#1214967 CVE-2023-53165 bsc#1250395).
- Update
patches.suse/vhost-vsock-Use-kvmalloc-kvfree-for-larger-packets.patch
(git-fixes CVE-2022-50271 bsc#1249740).
- Update
patches.suse/virtio_net-Fix-error-unwinding-of-XDP-initialization.patch
(git-fixes CVE-2023-53499 bsc#1250818).
- Update patches.suse/xen-gntdev-Prevent-leaking-grants.patch
(git-fixes CVE-2022-50257 bsc#1249743).
- Update
patches.suse/xfrm-add-NULL-check-in-xfrm_update_ae_params.patch
(bsc#1213666 CVE-2023-3772 CVE-2023-53147 bsc#1249880).
- commit f14b4f5
- i40e: Fix potential invalid access when MAC list is empty (CVE-2025-39853 bsc#1250275)
- commit 15849c1
- x86/tsc: Append the 'tsc=' description for the 'tsc=unstable'
boot parameter (git-fixes).
- Refresh
patches.suse/0004-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch.
- commit fc36e71
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
(CVE-2025-39860 bsc#1250247).
- commit db1f312
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
CONFIG_SCHED_PROXY_EXEC is set only when the debug is off, exclusive
to CONFIG_SCHED_CLASS_EXT.
- commit ac06fa9
- net: bridge: fix soft lockup in br_multicast_query_expired()
(CVE-2025-39773 bsc#1249504).
- net: bridge: mcast: add and enforce startup query interval
minimum (CVE-2025-39773 bsc1249504).
- net: bridge: mcast: add and enforce query interval minimum
(CVE-2025-39773 bsc1249504).
- commit 86febde
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation
(CVE-2025-39824 bsc#1250007).
- commit 74f7410
- ip6mr: Fix skb_under_panic in ip6mr_cache_report()
(CVE-2023-53365 bsc#1249988).
- commit 31b9909
- dmaengine: ti: edma: Fix memory allocation size for
queue_priority_map (CVE-2025-39869 bsc#1250406).
- commit 0c7b875
- netfilter: ctnetlink: remove refcounting in expectation dumpers
(CVE-2025-39764 bsc#1249513).
- commit 21919f3
- net/sched: Fix backlog accounting in qdisc_dequeue_internal
(CVE-2025-39677 bsc#1249300).
- commit 019e014
- cifs: prevent NULL pointer dereference in UTF16 conversion
(bsc#1250365, CVE-2025-39838).
- commit a653056
- l2tp: remove unused list_head member in l2tp_tunnel (git-fixes).
- commit a146724
- Refresh
patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
Move the call to release_sock() to match upstream. This will make
future backports easier.
- commit 7c5477e
- Bluetooth: eir: Fix using strlen with
hdev->{dev_name,short_name} (CVE-2022-50233 bsc#1246968).
- commit 7861eb7
- Update
patches.suse/ACPICA-Fix-error-code-path-in-acpi_ds_call_control_method.patch
(bsc#1250393 CVE-2022-50411).
Fix wrongly C&Ped bug and CVE number.
- commit c1344a1
- ocfs2: fix recursive semaphore deadlock in fiemap call
(bsc#1250407 CVE-2025-39885).
- commit fa96337
- mm/smaps: fix race between smaps_hugetlb_range and migration
(CVE-2025-39754 bsc#1249524).
- commit c2c05c6
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
(CVE-2022-50359 bsc#1250269).
- commit 680e9a1
- mISDN: hfcpci: Fix warning when deleting uninitialized timer
(CVE-2025-39833 bsc#1250028).
- commit 44dd6de
- net: ena: fix shift-out-of-bounds in exponential backoff (CVE-2023-53272 bsc#1249917)
- commit 79f3645
- Refresh
patches.suse/btrfs-fix-deadlock-when-aborting-transaction-during-.patch.
- Refresh
patches.suse/btrfs-prevent-ioctls-from-interfering-with-a-swap-file.patch.
- commit df48fdf
- wifi: brcmfmac: fix use-after-free when rescheduling
brcmf_btcoex_info work (CVE-2025-39863 bsc#1250281).
- commit b50d5fe
- serial: 8250: Fix oops for port->pm on uart_change_pm()
(CVE-2023-53176 bsc#1249991).
- commit ef178fc
- Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386
bsc#1250301).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit ef8e23b
- mm: zswap: fix missing folio cleanup in writeback race path
(CVE-2023-53178 bsc#1249827 git-fix).
- commit 556f4d6
- mm: fix zswap writeback race condition (CVE-2023-53178
bsc#1249827).
- commit 58cd2c5
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
times (CVE-2022-50419 bsc#1250394).
- commit b4e8638
- wifi: brcmfmac: fix use-after-free bug in
brcmf_netdev_start_xmit() (CVE-2022-50408 bsc#1250391).
- commit d1d8e28
- ALSA: hda: Fix Oops by 9.1 surround channel names
(CVE-2023-53400 bsc#1250328).
- commit ba820fb
- wifi: mac80211_hwsim: drop short frames (CVE-2023-53321
bsc#1250313).
- commit 6ddc75a
- tee: fix NULL pointer dereference in tee_shm_put (CVE-2025-39865
bsc#1250294).
- commit f721184
- serial: 8250: Reinit port->pm on port specific driver unbind
(CVE-2023-53176 bsc#1249991).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
lpuart_dma_shutdown (CVE-2022-50375 bsc#1250132).
- Refresh
patches.suse/tty-serial-fsl_lpuart-fix-race-on-RX-DMA-shutdown.patch.
- drivers: serial: jsm: fix some leaks in probe (CVE-2022-50312
bsc#1249716).
- commit 1aca549
- wifi: ath9k: verify the expected usb_endpoints are present
(CVE-2022-50297 bsc#1250250).
- commit 6950b3a
- wifi: iwl4965: Add missing check for
create_singlethread_workqueue() (CVE-2023-53302 bsc#1249958).
- commit 8f88848
- nfc: fix memory leak of se_io context in nfc_genl_se_io
(CVE-2023-53298 bsc#1249944).
- Refresh
patches.suse/nfc-change-order-inside-nfc_se_io-error-path.patch.
- commit d32133b
- x86/MCE: Always save CS register on AMD Zen IF Poison errors
(CVE-2023-53438 bsc#1250180).
- commit bf84e9b
- wifi: mwifiex: avoid possible NULL skb pointer dereference
(CVE-2023-53384 bsc#1250127).
- commit d34c18b
- ALSA: usb-audio: Fix size validation in convert_chmap_v3()
(CVE-2025-39757 bsc#1249515).
- commit 0ab86d7
- HID: hid-ntrig: fix unable to handle page fault in
ntrig_report_version() (CVE-2025-39808 bsc#1250088).
- commit 5536678
- Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305
bsc#1250049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit ac84db6
- wifi: iwl3945: Add missing check for
create_singlethread_workqueue (CVE-2023-53277 bsc#1249936).
- commit 4da361d
- soc: qcom: mdt_loader: Deal with zero e_shentsize
(CVE-2025-39787 bsc#1249545).
- soc: qcom: mdt_loader: Fix error return values in
mdt_header_valid() (CVE-2025-39787 bsc#1249545).
- commit 529120f
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors
(CVE-2025-39757 bsc#1249515).
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header
(CVE-2025-39787 bsc#1249545).
- commit 5d06f31
- btrfs: abort transaction on unexpected eb generation at
btrfs_copy_root() (bsc#1250177 CVE-2025-39800).
- Refresh
patches.suse/0001-btrfs-Introduce-support-for-FSID-change-without-meta.patch.
- Refresh
patches.suse/0002-btrfs-Remove-fsid-metadata_fsid-fields-from-btrfs_in.patch.
- commit ebb9819
- kernel-source.spec: Depend on python3-base for build
Both kernel-binary and kernel-docs already have this dependency.
Adding it to kernel-source makes it possible to use python in shared
build scripts.
- commit 72fdedd
- kernel-source: Do not list mkspec and its inputs as sources
(bsc#1250522).
This excludes the files from the src.rpm. The next step is to remove
these files in tar-up so that they do not get uploaded to OBS either.
As there is only one version of tar-up these files need to be removed
from all kernels.
- commit e72b8a2
- bpf: cpumap: Fix memory leak in cpu_map_update_elem (bsc#1250150
CVE-2023-53441).
- commit 77b4844
- drivers/md/md-bitmap: check the return value of
md_bitmap_get_counter() (CVE-2022-50402, bsc#1250363).
- commit b998cb4
- ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358
CVE-2023-53395).
- commit 16cf2b4
- ACPICA: Fix error code path in acpi_ds_call_control_method()
(bsc#1249615 CVE-2025-39763).
- commit 00cd9ae
- rpm: Link arch-symbols script from scripts directory.
- commit 90b2abb
- skbuff: Account for tail adjustment during pull operations
(CVE-2022-50365 bsc#1250084).
- commit 2c0b58b
- btrfs: fix deadlock when aborting transaction during relocation
with scrub (bsc#1250018 CVE-2023-53348).
- commit 6970fda
- use uniform permission checks for all mount propagation changes
(git-fixes).
- commit 5972133
- net/tunnel: wait until all sk_user_data reader finish before
releasing the sock (CVE-2022-50405 bsc#1250155).
- commit aea82ac
- rpm: Link guards script from scripts directory.
- commit e19a893
- usb: core: config: Prevent OOB read in SS endpoint companion
parsing (CVE-2025-39760 bsc#1249598).
- commit ee5b3a5
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
(CVE-2023-53344 bsc#1250023).
- net: sched: fix memory leak in tcindex_set_parms (CVE-2022-50396
bsc#1250104).
- net: hns: fix possible memory leak in hnae_ae_register()
(CVE-2022-50352 bsc#1249922).
- commit 10ff501
- drm/client: Fix memory leak in drm_client_modeset_probe (bsc#1250058 CVE-2023-53288)
- commit d2583cc
- modpost: fix off by one in is_executable_section() (bsc#1250125
CVE-2023-53397).
- commit 1e88ffb
- dma-buf: add dma_fence_get_stub (bsc#1249779)
- commit af3d574
- drm/amdgpu: install stub fence into potential unused fence pointers (bsc#1249779 CVE-2023-53248)
- commit 2f24c24
- Refresh patches.kabi/blkg_policy_data-fix-kabi.patch.
- Refresh
patches.kabi/xsk-Fix-race-condition-in-AF_XDP-generic-RX-path.patch.
- commit aee218b
- fixup patches.suse/ext4-fix-WARNING-in-mb_find_extent.patch
- commit bc062c7
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (CVE-2023-53393 bsc#1250114)
- commit 3367be7
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (CVE-2023-53335 bsc#1250072)
- commit de7e5a8
- drm/radeon: Fix integer overflow in radeon_cs_parser_init
(CVE-2023-53309 bsc#1250055).
- commit 0fc616d
- Refresh patches.kabi/blkg_policy_data-fix-kabi.patch.
- commit 5d9cd59
- Update config files. (bsc#1249186)
Enable where we define KABI refs + rely on Kconfig deps.
- commit a2cab75
- Refresh patches.kabi/blkg_policy_data-fix-kabi.patch.
- Refresh
patches.kabi/xsk-Fix-race-condition-in-AF_XDP-generic-RX-path.patch.
Semiautomatic
git grep -l BUILD_BUG_ON patches.kabi/ | xargs sed -i '/^+/s/\<BUILD_BUG_ON\>/suse_kabi_static_assert/'
plus manual drop of guard in blkg_policy_data-fix-kabi.patch.
- commit 7689a50
- build_bug.h: add wrapper for _Static_assert (bsc#1249186).
- commit 55004e9
- iomap: iomap: fix memory corruption when recording errors
during writeback (bsc#1250165 CVE-2022-50406).
- commit 5a4f1a7
- ext4: fix WARNING in mb_find_extent (bsc#1250081
CVE-2023-53317).
- commit 85276b3
- jbd2: prevent softlockup in jbd2_log_do_checkpoint()
(bsc#1249526 CVE-2025-39782).
- commit 3659634
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
(bsc#1249258 CVE-2025-38701).
- commit a95c36d
- fs/buffer: fix use-after-free when call bh_read() helper
(bsc#1249374 CVE-2025-39691).
- commit f608a73
- kcm: annotate data-races around kcm->rx_wait (CVE-2022-50265
bsc#1249744).
- kcm: annotate data-races around kcm->rx_psock (CVE-2022-50291
bsc#1249798).
- commit aaba982
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
(bsc#1249194 CVE-2025-38712).
- commit 521eb34
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(bsc#1249200 CVE-2025-38713).
- commit 91e012f
- wifi: brcmfmac: Fix potential stack-out-of-bounds in
brcmf_c_preinit_dcmds() (CVE-2022-50258 bsc#1249947).
- commit 5e60cf0
- drivers: base: cacheinfo: Fix shared_cpu_map changes in event
of CPU hotplug (CVE-2023-53254 bsc#1249871).
- commit d73f053
- cacheinfo: Fix shared_cpu_map to handle shared caches at
different levels (CVE-2023-53254 bsc#1249871).
- commit b2d75ed
- wifi: mwifiex: Fix oob check condition in
mwifiex_process_rx_packet (CVE-2023-53226 bsc#1249658).
- wifi: mwifiex: Fix missed return in oob checks failed path
(CVE-2023-53226 bsc#1249658).
- wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after
free for wext" (CVE-2023-53153 bsc#1249877).
- commit 01aaa87
- wifi: mwifiex: Fix OOB and integer underflow when rx packets
(CVE-2023-53226 bsc#1249658).
- wifi: cfg80211: Fix use after free for wext (CVE-2023-53153
bsc#1249877).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream()
fails (CVE-2023-53199 bsc#1249683).
- commit f427ccc
- crypto: cavium - prevent integer overflow loading firmware
(CVE-2022-50330 bsc#1249700).
- commit 489e575
- crypto: cavium - add release_firmware to all return case
(CVE-2022-50330 bsc#1249700).
- commit 372d22d
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
(CVE-2022-50349 bsc#1249920).
- commit 658f5fe
- wifi: brcmfmac: fix potential memory leak in
brcmf_netdev_start_xmit() (CVE-2022-50321 bsc#1249706).
- commit d3baaae
- cxl: Fix refcount leak in cxl_calc_capp_routing (CVE-2022-50311
bsc#1249720).
- commit 70f8a07
- mm: export bdi_unregister (CVE-2022-50304 bsc#1249725).
- commit 9420929
- mtd: core: fix possible resource leak in init_mtd()
(CVE-2022-50304 bsc#1249725).
- commit 191b4a8
- mm,hugetlb: take hugetlb_lock before decrementing
h->resv_huge_pages (CVE-2022-50285 bsc#1249803).
- commit 53c2d88
- RDMA/bnxt_re: wraparound mbox producer index (CVE-2023-53201 bsc#1249687)
- commit 4aab7ab
- wifi: libertas: fix memory leak in lbs_init_adapter()
(CVE-2022-50294 bsc#1249799).
- cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
(CVE-2022-50244 bsc#1249647).
- PNP: fix name memory leak in pnp_alloc_dev() (CVE-2022-50278
bsc#1249715).
- commit c3e3de7
- drm/amd/pm: fix null pointer access (CVE-2025-38705
bsc#1249334).
- commit 6b431f7
- fbdev: fix potential buffer overflow in
do_register_framebuffer() (CVE-2025-38702 bsc#1249254).
- commit 4004fc6
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
(CVE-2025-39706 bsc#1249413).
- commit 83af3ba
- Refresh
patches.suse/Bluetooth-Replace-BT_DBG-with-bt_dev_dbg-for-managem.patch.
- commit c6ff1e0
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
(CVE-2025-39751 bsc#1249538).
- commit 8a44263
- kABI fix after x86/vmscape: Add conditional IBPB mitigation
(bsc#1247483 CVE-2025-40300).
- commit 0df5e36
- drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295 CVE-2025-39705)
- commit 478e53d
- Bluetooth: hci_core: Fix calling mgmt_device_connected
(git-fixes).
- commit bd515e0
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too
(CVE-2025-38729 bsc#1249164).
- commit 8b412cb
- pptp: fix pptp_xmit() error path (git-fixes).
- pptp: ensure minimal skb length in pptp_xmit() (CVE-2025-38574
bsc#1248365).
- can: netlink: can_changelink(): fix NULL pointer deref of
struct can_priv::do_set_mode (CVE-2025-38665 bsc#1248648).
- tls: separate no-async decryption request handling from async
(CVE-2024-58240 bsc#1248847).
- commit cb8a609
- Limit patch filenames to 100 characters (bsc#1249604).
- commit e94c0ca
- smb: client: fix use-after-free in cifs_oplock_break
(bsc#1248199, CVE-2025-38527).
- commit e4dac9c
- tipc: improve function tipc_wait_for_cond() (bsc#1249037).
- commit 66b60a2
- PCI: Fix use-after-free of slot->bus on hot remove
(CVE-2024-53194 bsc#1235459).
- commit 8ed6518
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- commit 40606b5
- powerpc/eeh: Export eeh_unfreeze_pe() (CVE-2025-38623
bsc#1248610).
- commit e1ab8da
- pci/hotplug/pnv-php: Wrap warnings in macro (CVE-2025-38623
bsc#1248610).
- commit fcff164
- PCI: pnv_php: Fix surprise plug detection and recovery
(CVE-2025-38623 bsc#1248610).
- commit 77a6e44
- PCI: pnv_php: Clean up allocated IRQs on unplug (CVE-2025-38624
bsc#1248617).
- commit f20bd36
- netfilter: xt_nfacct: don't assume acct name is null-terminated (CVE-2025-38639 bsc#1248674)
- commit 85e9df6
- s390/ism: fix concurrency management in ism_cmd() (git-fixes
bsc#1249266 CVE-2025-39726).
- commit 4cdfb37
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220 CVE-2025-38685)
- commit d40c5ad
- pinmux: fix race causing mux_owner NULL with active mux_usecount
(CVE-2025-38632 bsc#1248669).
- commit 417d30f
- smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247239, CVE-2025-38488).
- commit f68b209
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
(CVE-2025-38602 bsc#1248341).
- commit 26c0123
- iwlwifi: Add missing check for alloc_ordered_workqueue
(CVE-2025-38602 bsc#1248341).
- commit 1f095f0
- wifi: rtl818x: Kill URBs before clearing tx status queue (CVE-2025-38604 bsc#1248333)
- commit 3582a16
- ipv6: reject malicious packets in ipv6_gso_segment()
(CVE-2025-38572 bsc#1248399).
- net/sched: Restrict conditions for adding duplicating netems
to qdisc tree (CVE-2025-38553 bsc#1248255).
- commit edb7431
- rpm: Configure KABI checkingness macro (bsc#1249186)
The value of the config should match presence of KABI reference data. If
it mismatches:
- !CONFIG & reference -> this is bug, immediate fail
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- commit 23c1536
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186)
The motivation: there are patches.kabi/ patches that restore KABI and
they check validity of the approach with static_assert()s to prevent
accidental KABI breakage.
These asserts are invoked on each arch-flavor and they may signal false
negatives -- that is KABI restoration patch could break KABI but the
given arch-flavor defines no KABI.
The intended use is to disable the compile time checks in patches.kabi/
(but not to be confused with __GENKSYMS__ that affects how reference is
calculated).
The name is chosen so that it mimics HAVE_* macros that are not
configured manually (but is selected by an arch). In our case it's
(un)selected by build script depending on whether KABI reference is
defined for given arch-flavor and whether check is really requested by
the user. Default value is 'n' so that people building merely via
Makefile (not RPM with KABI checking) obtain consistent config.
- commit 75ce338