- python
-
- Fix the test suite so it is run again.
- Add CVE-2026-1299-email-encode-EOL-headers.patch preventing
embedded white characters inside of email headers (bsc#1257181,
CVE-2026-1299, gh#python/cpython#144125).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Add add-zlib-eof-attribute.patch, needed for python-urllib3
CVE fix (bsc#1254867)
- Modify CVE-2025-6075-expandvars-perf-degrad.patch so it doesn't
use `re.ASCII` flag, which is not available in Python 2.7
(because it is unnecessary, that's the default behaviour;
bsc#1257064).
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Readjust CVE-2025-6075-expandvars-perf-degrad.patch.
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- libpng12
-
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng12-CVE-2026-25646.patch
- openssl-1_0_0
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22796.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
- util-linux
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- libssh
-
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- expat
-
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- grub2
-
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- gpg2
-
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- Security fix: [bsc#1256390] (gpg.fail/notdash)
* gpg2: Cleartext Signature Forgery in the NotDashEscaped header
implementation in GnuPG
* Add patch gnupg-notdash-escape.patch
* Add parse_compat_flags.patch
* Add compat_flags_base.patch
- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
* gpg: Fix possible memory corruption in the armor parser [T7906]
* Add gnupg-CVE-2025-68973.patch
- Security fix: [bsc#1256244] (gpg.fail/detached)
* gpg: Error out on unverified output for non-detached signatures [T7903]
* Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
- libtasn1
-
- Security fix: [bsc#1256341, CVE-2025-13151]
* Stack-based buffer overflow. The function asn1_expend_octet_string()
fails to validate the size of input data resulting in a buffer overflow.
* Add libtasn1-CVE-2025-13151.patch
- python-pyasn1
-
- fix regression in tests from CVE-2026-23490.patch (bsc#1257129)
- Add CVE-2026-23490.patch to fix CVE-2026-23490 (bsc#1256902)
- libpcap
-
- Security fix: [bsc#1255765, CVE-2025-11961]
* Fix out-of-bound-write and out-of-bound-read in pcap_ether_aton()
due to missing validation of provided MAC-48 address string
* Add libpcap-CVE-2025-11961.patch
- libvirt
-
- CVE-2025-13193: qemu: Set umask for 'qemu-img' when creating
external inactive snapshots
a379327d-CVE-2025-13193.patch
bsc#1253703
- CVE-2025-12748: Check ACLs before parsing the whole domain XML
ec8dafd0-CVE-2025-12748-p1.patch, 69958ba3-CVE-2025-12748-p2.patch,
e6de1e43-CVE-2025-12748-p3.patch, a1f48bca-CVE-2025-12748-p4.patch,
a6dcfee8-CVE-2025-12748-p5.patch, 2a326c41-CVE-2025-12748-p6.patch
bsc#1253278
- sqlite3
-
- Sync version 3.51.2 from Factory:
* CVE-2025-7709, bsc#1254670: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- rsync
-
- Fix bsc#1252351
* Fix order of cihpers in rsync-fix-daemon-proto-32.patch
* rsync client from SLES 12SP5 LTSS fails with "auth failed on module" after installing rsync-3.1.3-3.31.1
- Security update (CVE-2025-10158, bsc#1254441): rsync: Out of
bounds array access via negative index
- Add rsync-CVE-2025-10158.patch
- libsodium
-
- Security fix: [bsc#1256070, CVE-2025-15444, bsc#1255764, CVE-2025-69277]
* check Y==Z in addition to X==0
* Add patch libsodium-CVE-2025-15444.patch
- openssl-1_1
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- python36
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Skip test_curses on ppc64le (gh#python/cpython#141534)
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- Readjust patches while synchronizing between openSUSE and SLE trees:
- F00251-change-user-install-location.patch
- doc-py38-to-py36.patch
- gh126985-mv-pyvenv.cfg2getpath.patch
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- Add CVE fixes:
+ glib2-CVE-2025-13601.patch (bsc#1254297 CVE-2025-13601
glgo#GNOME/glib#3827).
+ glib2-CVE-2025-14087-1.patch, glib2-CVE-2025-14087-2.patch,
glib2-CVE-2025-14087-3.patch (bsc#1254662 CVE-2025-14087
glgo#GNOME/glib#3834).
+ glib2-CVE-2025-14512.patch (bsc#1254878 CVE-2025-14512
glgo#GNOME/glib#3845).
- curl
-
- Security fix: [bsc#1219273, CVE-2023-27534]
* Add upstream regression fix for CVE-2023-27534
* Add curl-CVE-2023-27534-regression-fix.patch
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- Security fixes:
* [bsc#1255731, CVE-2025-14524] bearer token leak on cross-protocol redirect
* [bsc#1255733, CVE-2025-15079] set both knownhosts options to the same file
* [bsc#1255732, CVE-2025-14819] toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache
* Add patches:
- curl-CVE-2025-14524.patch
- curl-CVE-2025-15079.patch
- curl-CVE-2025-14819.patch
- xen
-
- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
with shadow paging + tracing (XSA-477)
xsa477.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
for vCPU isolation (XSA-479)
xsa479.patch
- bsc#1252692 - VUL-0: CVE-2025-58149: xen: incorrect removal of
permissions on PCI device unplug allows PV guests to access
memory of devices no longer assigned to it (XSA-476)
xsa476.patch
- glibc
-
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- regcomp-double-free.patch: posix: Fix double-free after allocation
failure in regcomp (CVE-2025-8058, bsc#1246965, BZ #33185)
- avahi
-
- Add avahi-CVE-2025-68276.patch:
Backport 0c013e2 from upstream, refuse to create wide-area record
browsers when wide-area is off.
(CVE-2025-68276, bsc#1256498)
- Add avahi-CVE-2025-68471.patch:
Backport 9c6eb53 from upstream, fix DoS bug by changing assert to
return.
(CVE-2025-68471, bsc#1256500)
- Add avahi-CVE-2025-68468.patch:
Backport f66be13 from upstream, fix DoS bug by removing incorrect
assertion.
(CVE-2025-68468, bsc#1256499)
- ca-certificates-mozilla
-
- Updated to 2.84 state (bsc#1258002)
- Removed:
- Baltimore CyberTrust Root
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- DigiNotar Root CA
- Added:
- e-Szigno TLS Root CA 2023
- OISTE Client Root ECC G1
- OISTE Client Root RSA G1
- OISTE Server Root ECC G1
- OISTE Server Root RSA G1
- SwissSign RSA SMIME Root CA 2022 - 1
- SwissSign RSA TLS Root CA 2022 - 1
- TrustAsia SMIME ECC Root CA
- TrustAsia SMIME RSA Root CA
- TrustAsia TLS ECC Root CA
- TrustAsia TLS RSA Root CA
- mozilla-nss
-
- update to NSS 3.112.3
* bmo#2009552 - avoid integer overflow in platform-independent ghash
- python3
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- Readjust CVE-2025-4435-normalize-lnk-trgts-tarfile.patch on the
top of the previous patch. Security fixes for CVE-2025-4517,
CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 on
tarfile (bsc#1244032, bsc#1244061, bsc#1244059, bsc#1244060,
bsc#1244056). The backported fixes do not contain changes for
ntpath.py and related tests, because the support for symlinks
and junctions were added later in Python 3.9, and it does not
make sense to backport them to 3.6 here. The patch is contains
the following changes:
- python@42deeab fixes symlink handling for tarfile.data_filter
- python@9d2c2a8 fixes handling of existing files/symlinks in
tarfile
- python@00af979 adds a new "strict" argument to realpath()
- python@dd8f187 fixes mulriple CVE fixes in the tarfile module
- downstream only fixes that makes the changes work and
compatible with Python 3.6
- Readjust CVE-2025-8194-tarfile-no-neg-offsets.patch on the top
of the previous two patches
- Add remove-usr-local-bin-shebangs.patch for removing two
shebangs with /usr/local/bin/python (with the complexity of the
current patchset fiddling with the files with `sed` makes those
patches unmaintainable).
- Finally ported CVE-2007-4559-filter-tarfile_extractall.patch
for Python 3.4 (CVE-2007-4559, bsc#1203750, bsc#1251841).
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- libpng16
-
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- security update
- added patches
CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read
* libpng16-CVE-2026-22695.patch
- security update
- added patches
CVE-2025-66293 [bsc#1254480], LIBPNG out-of-bounds read in png_image_read_composite
* libpng16-CVE-2025-66293-1.patch
* libpng16-CVE-2025-66293-2.patch
- security update
- modified patches
* libpng16-1.6.8-CVE-2014-0333.patch (-p1)
* libpng16-CVE-2014-9495.patch (-p1)
* libpng16-CVE-2015-0973.patch (-p1)
* libpng16-CVE-2015-8126-complete.patch (-p1)
* libpng16-CVE-2015-8126.patch (-p1)
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng16-CVE-2025-64505.patch
CVE-2025-64506 [bsc#1254158], heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled
* libpng16-CVE-2025-64506.patch
CVE-2025-64720 [bsc#1254159], buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
* libpng16-CVE-2025-64720.patch
CVE-2025-65018 [bsc#1254160], heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
* libpng16-CVE-2025-65018.patch
- multipath-tools
-
- Update to version 0.7.9+236+suse.0771b5a4:
* multipath-tools: compile with -fno-strict-aliasing and -fexceptions
(bsc#1257007)
* multipathd: print path offline message even without a checker
(bsc#1254094)
* libdmmp/Makefile: build docs in install stage
* libmultipath: fix compilation on tumbleweed
* libmultipath: deal with dynamic PTHREAD_STACK_MIN
* multipath-tools: use /run instead of /dev/shm
* multipathd: ignore duplicated multipathd command keys
- pciutils
-
- pciutils.spec: Add a strict dependency to libpci. [bsc#1252338]
Mixing different versions of pciutils and libpci could result in
a segmentation fault due to incompatible ABI.
- kernel-default
-
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit b3bb110
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit 13d481c
- char: applicom: fix NULL pointer dereference in ac_ioctl
(CVE-2025-68797 bsc#1256660).
- serial: sc16is7xx: setup GPIO controller later in probe
(CVE-2023-54118 bsc#1256131).
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
(CVE-2023-54198 bsc#1255970).
- commit fb656d4
- Update
patches.suse/HID-multitouch-Add-NULL-check-in-mt_input_configured.patch
(bsc#1250759 CVE-2024-58020 bsc#1239346).
- Update
patches.suse/HID-uclogic-Add-NULL-check-in-uclogic_input_configur.patch
(CVE-2023-54207 bsc#1255961 CVE-2025-38007 bsc#1244938).
- Update
patches.suse/NFSD-Define-a-proc_layoutcommit-for-the-FlexFiles-layout-type.patch
(CVE-2025-40088 bsc#1252909 CVE-2025-40087).
- Update
patches.suse/USB-gadget-Fix-obscure-lockdep-violation-for-udc_mut.patch
(CVE-2022-49980 bsc#1245110 CVE-2022-49943 bsc#1244904).
- Update
patches.suse/arp-do-not-assume-dev_hard_header-does-not-change-skb-head.patch
(CVE-2025-71098 bsc#1256591 CVE-2026-22988 bsc#1257282).
- Update
patches.suse/crypto-pcrypt-Call-crypto-layer-directly-when-padata.patch
(bsc#1225527 CVE-2024-56690 bsc#1235428).
- Update
patches.suse/ext4-fix-string-copying-in-parse_apply_sb_mount_opti.patch
(bsc#1253453 CVE-2025-40198 CVE-2025-71123 bsc#1256757).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/igb-Do-not-bring-the-device-up-after-non-fatal-error.patch
(CVE-2023-53148 bsc#1249842 CVE-2024-50040 bsc#1231908).
- Update
patches.suse/ipv6-Fix-potential-uninit-value-access-in-__ip6_make_skb.patch
(CVE-2023-54265 bsc#1255874 CVE-2024-36903 bsc#1225741).
- Update
patches.suse/mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
(CVE-2023-53178 bsc#1249827 git-fix CVE-2024-26832 bsc#1223007).
- Update
patches.suse/net-fix-UaF-in-netns-ops-registration-error-path.patch
(CVE-2022-50780 bsc#1256305 CVE-2023-52999 bsc#1240299).
- Update
patches.suse/net_sched-qfq-Fix-double-list-add-in-class-with-netem-as-c.patch
(CVE-2026-22976 bsc#1257035 CVE-2025-37913 bsc#1243471).
- Update
patches.suse/openvswitch-fix-lockup-on-tx-to-unregistering-netdev.patch
(bsc#1249854 CVE-2025-21681 bsc#1236702).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes CVE-2024-26935 bsc#1223675).
- Update
patches.suse/scsi-iscsi_tcp-Check-that-sock-is-valid-before-iscsi_set_p.patch
(git-fixes CVE-2023-53464 bsc#1250868).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(CVE-2022-49980 bsc#1245110 CVE-2022-48838 bsc#1227988).
- Update
patches.suse/wifi-iwlwifi-Fix-error-code-in-iwl_op_mode_dvm_start.patch
(CVE-2025-38602 bsc#1248341 CVE-2025-38656 bsc#1248643).
- Update
patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch
(CVE-2023-53226 bsc#1249658 CVE-2023-52525 bsc#1220840).
- commit 1d15285
- wifi: avoid kernel-infoleak from struct iw_point (CVE-2026-22978
bsc#1257227).
- commit 4470971
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit 1b61eee
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit e8558a0
- net: macvlan: Use built-in RCU list checking (CVE-2026-23001
bsc#1257232).
- macvlan: Use 'hash' iterators to simplify code (CVE-2026-23001
bsc#1257232).
- commit 56e1910
- ipv4: ip_gre: make ipgre_header() robust (CVE-2026-23011
bsc#1257207).
- commit ec13881
- net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs()
(CVE-2023-54218 bsc#1256229).
- net: prevent load/store tearing on sk->sk_stamp (CVE-2023-54218
bsc#1256229).
- commit 58808cc
- sock: Make sock->sk_stamp thread-safe (CVE-2023-54218
bsc#1256229).
- Refresh
patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit 93f2522
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 40ddb3a
- netlink: annotate accesses to nlk->cb_running (CVE-2023-53853
bsc#1254673).
- commit e5e9e66
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit c099250
- nfc: Fix potential resource leaks (CVE-2022-50834 bsc#1256219).
- commit 71aae68
- net/sched: sch_qfq: Fix NULL deref when deactivating inactive
aggregate in qfq_reset (CVE-2026-22976 bsc#1257035).
- commit 665af3c
- net_sched: qfq: Fix double list add in class with netem as
child qdisc (CVE-2026-22976 bsc#1257035).
- commit d6c7f6c
- usbnet: Prevents free active kevent (CVE-2025-68312
bsc#1255171).
- commit 8b74503
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- ethtool: Avoid overflowing userspace buffer on stats query
(CVE-2025-68795 bsc#1256688).
- kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg()
(git-fixes CVE-2023-53825 bsc#1254707).
- kcm: Fix memory leak in error path of kcm_sendmsg()
(CVE-2023-54112 bsc#1256354).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
(CVE-2022-50777 bsc#1256320).
- commit 1685ea3
- ima: Handle error code returned by ima_filter_rule_match() (CVE-2025-68740 bsc#1255812).
- commit 858a097
- usb: typec: ucsi: Handle incorrect num_connectors capability
(CVE-2025-71108 bsc#1256774).
- commit f98de60
- e1000: fix OOB in e1000_tbi_should_accept() (CVE-2025-71093
bsc#1256777).
- net/mlx5: fw_tracer, Validate format string parameters
(CVE-2025-68816 bsc#1256674).
- commit ee63540
- Revert "btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"
This reverts commit 416113fa7a7f7954975b36f72fe7f224da379b7c.
The patch that commit introduces is causing regressions, as it differs
a lot from upstream because there were many changes that happened
upstream and it's too risky to backport them. Further the issue fixed by
the patch is very rare and other than the Meta servers, no one ever
reported it, plus it's just triggering a WARN_ON(), nothing really serious
and certainly nothing that justifies it being a CVE.
See bsc#1257229 for the report of the regression.
- commit 63b49a5
- Revert "btrfs: fix wrong block_start calculation for"
This reverts commit 87607636696a2af6cb6697241eb8476a0cedfe56.
This commit introduces a patch that fixes a bug in the patch introduced by
the previous commit (416113fa7a7f7954975b36f72fe7f224da379b7c), but that
patch had to be too different from upstream since there were a lot of big
changes upstream and it's causing a regression. So remove this patch,
and the next commit will remove the other patch.
- commit 66f1f0f
- net: hns3: using the num_tqps in the vf driver to apply for resources (CVE-2025-71064 bsc#1256654)
- commit 06054f6
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (CVE-2025-68367 bsc#1255547)
- commit a2977a9
- media: s5p-mfc: Clear workbit to handle error condition (CVE-2022-50786 bsc#1256258)
- commit 6b48967
- team: fix check for port enabled in team_queue_override_port_prio_changed() (CVE-2025-71091 bsc#1256773)
- commit ad0dda9
- driver core: fix potential null-ptr-deref in device_add() (CVE-2023-54321 bsc#1255762)
- commit d382224
- Fix build-time warning from "drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup"
Fix the warning
* unused-variable (pdev) in ../drivers/gpu/drm/i915/intel_fbdev.c in intelfb_create
../drivers/gpu/drm/i915/intel_fbdev.c: In function 'intelfb_create':
../drivers/gpu/drm/i915/intel_fbdev.c:175:18: warning: unused variable 'pdev' [-Wunused-variable]
caused by this patch.
- commit 55ad6d4
- kABI: Fixup for struct mrp_applicant (CVE-2022-50697
bsc#1255594).
- commit 841f2f7
- mrp: introduce active flags to prevent UAF when applicant uninit
(CVE-2022-50697 bsc#1255594).
- commit 567f600
- btrfs: fix wrong block_start calculation for
btrfs_drop_extent_map_range() (bsc#1256267 CVE-2023-54121).
- commit 8760763
- btrfs: fix incorrect splitting in btrfs_drop_extent_map_range
(bsc#1256267 CVE-2023-54121).
- commit 416113f
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
debugfs (CVE-2022-50744 bsc#1256165).
- commit 268e0b4
- fsnotify: do not generate ACCESS/MODIFY events on child for
special files (bsc#1256638 CVE-2025-68788).
- commit d259bdb
- ext4: add i_data_sem protection in
ext4_destroy_inline_data_nolock() (bsc#1255164 CVE-2025-68261).
- commit 07d5d92
- nbd: defer config put in recv_work (bsc#1255537 CVE-2025-68372).
- commit 1113557
- nbd: defer config unlock in nbd_genl_connect (bsc#1255622
CVE-2025-68366).
- commit 3c02735
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when
file system corrupted (bsc#1255482 CVE-2025-68337).
- commit 582c147
- ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1256282 CVE-2022-50782).
- commit f60c869
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (bsc#1255880 CVE-2023-54202)
- commit 492f4ae
- kABI workaround for "drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup" (bsc#1255128)
- commit f3c8307
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128 CVE-2025-68296)
- commit 2d90c1b
- tcp: use dst_dev_rcu() in
tcp_fastopen_active_disable_ofo_check() (CVE-2025-68188
bsc#1255269).
- commit 0bb0de7
- Update patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch (bsc#1255943)
Fix potential crash, timer_setup uses different parameter type for callback.
- commit 07542cf
- net: ipv6: fix field-spanning memcpy warning in AH output
(CVE-2025-40363 bsc#1255102).
- commit 1148ce8
- ipv4: route: Prevent rt_bind_exception() from rebinding stale
fnhe (CVE-2025-68241 bsc#1255157).
- net: netpoll: fix incorrect refcount handling causing incorrect
cleanup (CVE-2025-68245 bsc#1255268).
- commit 9c41c99
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
(CVE-2022-50347 bsc#1249928).
- commit e0927c4
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094 CVE-2025-40323)
- commit 8cd32df
- Delete
patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch.
- commit 734bbd3
- bpf: Reject narrower access to pointer ctx fields
(CVE-2025-38591 bsc#1248363).
- commit 406618c
- Update
patches.suse/bpf-fix-pointer-offsets-in-context-for-32-bit.patch
(bsc#1109837 bsc#1248363 CVE-2025-38591).
Include reference to bsc#1248363/CVE-2025-38591 as it is a dependency of
upstream commit e09299225d5b.
- commit 71b6a1d
- blk-throttle: prevent overflow while calculating wait time
(CVE-2022-50580 bsc#1252542).
- commit ef0f0b6
- arp: do not assume dev_hard_header() does not change skb->head
(CVE-2025-71098 bsc#1256591).
- ip6_gre: make ip6gre_header() robust (CVE-2025-71098
bsc#1256591).
- commit 6b38561
- ALSA: usb-mixer: us16x08: validate meter packet indices
(CVE-2025-68783 bsc#1256650).
- commit da95073
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
(CVE-2022-50709 bsc#1255565).
- commit c5a755c
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
(CVE-2025-71082 bsc#1256611).
- commit b7a4df1
- drm/amd/display: Check NULL before accessing (bsc#1255351 CVE-2025-68286)
- commit 8dc335b
- drm/amdgpu: fix nullptr err of vm_handle_moved (bsc#1255428 CVE-2025-40339)
- commit 2327b42
- drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
- commit 5fcdb4b
- drm/amdgpu: Remove explicit wait after VM validate (bsc#1255428)
- commit fb29e5d
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (bsc#1256398 CVE-2023-54047)
- commit dd69a49
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (bsc#1256779 CVE-2025-71120).
- commit 796bbfa
- btrfs: fix race when deleting free space root from the dirty
cow roots list (bsc#1256369 CVE-2023-54067).
- commit c200fa3
- Fix hugetlb locking regression (bsc#1256684)
Refresh
patches.suse/mm-hugetlb-fix-UAF-in-hugetlb_handle_userfault.patch.
- commit 9a8d34e
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582
CVE-2025-68771).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1256221
CVE-2022-50770).
- commit 89af8ba
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode
(CVE-2023-54134 bsc#1256106).
- commit 2f939a3
- wifi: cfg80211: ocb: don't leave if not joined (CVE-2023-53992 bsc#1256058)
- commit 56289a8
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (CVE-2022-50884 bsc#1256127)
- commit d891f0c
- drm/vgem-fence: Fix potential deadlock on release (CVE-2025-68757 bsc#1255943)
- commit 1c62615
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (CVE-2023-54111 bsc#1256149)
- commit 0e36dc4
- hfsplus: Verify inode mode when loading from disk
(CVE-2025-68767 bsc#1256580).
- commit 5d4e3fb
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
(CVE-2025-68774 bsc#1256585).
- commit ceca245
- scsi: mpt3sas: Fix crash in transport port remove by using
ioc_info() (CVE-2025-40115 bsc#1253318).
- commit e748f8b
- ipv6: ensure sane device mtu in tunnels (CVE-2022-50816
bsc#1256038).
- Refresh patches.suse/ip6_tunnel-Fix-broken-GRO.patch.
- commit 59ff94e
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (CVE-2023-54274 bsc#1255905)
- commit 068be2d
- iavf: fix off-by-one issues in iavf_config_rss_reg()
(CVE-2025-71087 bsc#1256628).
- commit 3c9a37a
- RDMA/srpt: Fix disabling device management (bsc#1255905)
Refresh patches.suse/IB-srpt-Fix-memory-leak-in-srpt_add_one.patch
- commit bc87c75
- RDMA/srpt: Fix handling of SR-IOV and iWARP ports (bsc#1255905)
- commit 4ce5ebd
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (CVE-2025-68379 bsc#1255695)
- commit 6f3a231
- amba: bus: fix refcount leak (CVE-2023-54230 bsc#1255925).
- commit fbf714d
- media: tuners: qt1010: replace BUG_ON with a regular error
(CVE-2023-54282 bsc#1255810).
- commit becd663
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in
pnfs_mark_layout_stateid_invalid (CVE-2025-68349 bsc#1255544).
- commit 8958100
- netlink: do not hard code device address lenth in fdb dumps
(CVE-2023-53863 bsc#1254657).
- commit f777de6
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit b9ce8be
- net: fix UaF in netns ops registration error path
(CVE-2022-50780 bsc#1256305).
- commit 5a1f3db
- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init()
failed (CVE-2022-50780 bsc#1256305).
- commit bb6fa75
- tun: Fix memory leak for detached NAPI queue (CVE-2023-53685 bsc#1251770).
- commit 31c92c0
- netfilter: ebtables: fix table blob use-after-free
(CVE-2023-54243 bsc#1255908).
- commit 57c9b49
- drm/amdgpu: Fix PCI device refcount leak in
amdgpu_atrm_get_bios() (CVE-2022-50760 bsc#1255983).
- commit 96c5417
- regulator: core: Protect regulator_supply_alias_list with
regulator_list_mutex (CVE-2025-68354 bsc#1255553).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb() (CVE-2025-68362 bsc#1255611).
- commit d84610d
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in
nvme_fc_delete_ctrl() (CVE-2025-40261 bsc#1254839).
- commit e6047b6
- Bluetooth: hci_sock: Prevent race in socket write iter and
sock bind (CVE-2025-68305 bsc#1255169).
- platform/x86: intel: punit_ipc: fix memory corruption
(CVE-2025-68303 bsc#1255122).
- commit d0d5ae8
- RDMA/bnxt_re: Prevent handling any completions after qp destroy (CVE-2023-54048 bsc#1256395)
- commit 58a38ef
- hwrng: amd - Convert PCIBIOS_* return codes to errnos (bsc#1256386)
- commit 2e95e1a
- hwrng: amd - Fix PCI device refcount leak (CVE-2022-50868 bsc#1256386)
- commit fbdd4ab
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (CVE-2022-50885 bsc#1256122)
- commit 1101dce
- RDMA/rxe: Fix the error caused by qp->sk (bsc#1256122)
- commit 36a77a8
- acct: fix potential integer overflow in encode_comp_t() (CVE-2022-50749 bsc#1256191)
- commit c31a201
- configfs: fix possible memory leak in configfs_create_dir() (CVE-2022-50751 bsc#1256184)
- commit 82a1812
- configfs: factor dirent removal into helpers (bsc#1256184)
- commit bfd428d
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
(CVE-2022-50865 bsc#1256168).
- commit 5312c7e
- wifi: ath9k: hif_usb: fix memory leak of urbs in
ath9k_hif_usb_dealloc_tx_urbs() (CVE-2022-50740 bsc#1256155).
- commit 3700208
- regulator: core: fix unbalanced of node refcount in
regulator_dev_lookup() (CVE-2022-50887 bsc#1256125).
- commit 689f145
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
(CVE-2022-50881 bsc#1256130).
- ath9k: Fix typo in function name (CVE-2022-50881 bsc#1256130).
- commit 807e5b2
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (CVE-2022-50880 bsc#1256132).
- commit 7101b87
- ALSA: line6: fix stack overflow in line6_midi_transmit
(CVE-2022-50719 bsc#1255939).
- commit 690b0fb
- nvme-pci: fix mempool alloc size (CVE-2023-50756 bsc#1256216).
- blacklist.conf:
- commit 85846d9
- ipv6: Fix potential uninit-value access in __ip6_make_skb()
(CVE-2023-54265 bsc#1255874).
- commit 0377cad
- ipv6: Fix an uninit variable access bug in __ip6_make_skb()
(CVE-2023-54265 bsc#1255874).
- commit dbe2f65
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit d531007
- vc_screen: reload load of struct vc_data pointer in vcs_write()
to avoid UAF (CVE-2023-53747 bsc#1254572).
- tty: serial: imx: disable Ageing Timer interrupt request irq
(CVE-2023-54287 bsc#1255804).
- commit 926f469
- Refresh
patches.suse/mm-hugetlb-fix-UAF-in-hugetlb_handle_userfault.patch.
Add a missing hunk which caused bsc#1256684.
- commit 85d641b
- nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844
CVE-2022-50717).
- nvmet-tcp: Fix NULL dereference when a connect data comes in
h2cdata pdu (bsc#1255844).
- commit b013137
- net: usb: qmi_wwan: initialize MAC header offset in
qmimux_rx_fixup (CVE-2025-68192 bsc#1255246).
- commit 359aab7
- HID: uclogic: Add NULL check in uclogic_input_configured()
(CVE-2023-54207 bsc#1255961).
- commit 8eae399
- drm/amdgpu/atom: Check kcalloc() for WS buffer in
amdgpu_atom_execute_table_locked() (CVE-2025-68190 bsc#1255131).
- commit 8a432e1
- HID: uclogic: Correct devm device reference for hidinput
input_dev name (CVE-2023-54207 bsc#1255961).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
(CVE-2022-50716 bsc#1255839).
- commit 8f729ac
- usb: storage: sddr55: Reject out-of-bound new_pba
(CVE-2025-40345 bsc#1255279).
- commit 2c4371e
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264
bsc#1254835).
- net: rds: don't hold sock lock when cancelling work from
rds_tcp_reset_callbacks() (CVE-2022-50676 bsc#1254689).
- commit 8bbfbbe
- kABI fix for net: fix stack overflow when LRO is disabled for
virtual interfaces (CVE-2023-54012 bsc#1255571).
- commit 184711d
- net: fix stack overflow when LRO is disabled for virtual
interfaces (CVE-2023-54012 bsc#1255571).
- commit 3c3bd51
- Remove patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch (bsc#1256516)
This patch regresses fbcon output. We'll re-merge when the fix is ready.
- commit 394393a
- Bluetooth: Fix race condition in hidp_session_thread
(CVE-2023-54120 bsc#1256133).
- commit 5460154
- Update bug reference for patches.suse/drm-amdgpu-Fix-potential-NULL-dereference.patch (bsc#1251738)
- commit d91a743
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
(CVE-2023-53819 bsc#1254712).
- Refresh
patches.suse/0001-drm-amdgpu-validate-the-parameters-of-bo-mapping-ope.patch.
- commit 7ec6aaf
- mm: hugetlb: fix UAF in hugetlb_handle_userfault (CVE-2022-50630
bsc#1254785).
- commit a1aa6ca
- Update
patches.suse/0002-drm-client-Fix-memory-leak-in-drm_client_target_clon.patch
(bsc#1152446 CVE-2023-54091 bsc#1256274).
- Update
patches.suse/PCI-Fix-pci_device_is_present-for-VFs-by-checking-PF.patch
(git-fixes CVE-2022-50636 bsc#1254645).
- Update
patches.suse/RDMA-mlx4-Prevent-shift-wrapping-in-set_user_sq_size.patch
(git-fixes CVE-2023-54168 bsc#1256053).
- Update
patches.suse/Revert-Bluetooth-btsdio-fix-use-after-free-bug-in-bt.patch
(git-fixes CVE-2023-54197 bsc#1255969).
- Update
patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch
(git-fixes CVE-2022-50821 bsc#1256242).
- Update patches.suse/USB-sisusbvga-Add-endpoint-checks.patch
(git-fixes CVE-2023-54213 bsc#1255953).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch-e1d09c2c
(bsc#1226846 CVE-2023-54226 bsc#1255841).
- Update
patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch
(git-fixes CVE-2023-54045 bsc#1256285).
- Update
patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch
(bsc#1216062 bsc#1225203 CVE-2023-54271 bsc#1255902).
- Update
patches.suse/btrfs-fix-lockdep-splat-and-potential-deadlock-after.patch
(git-fixes CVE-2023-54224 bsc#1255951).
- Update
patches.suse/btrfs-fix-race-when-deleting-quota-root-from-the-dir.patch
(git-fixes CVE-2023-54032 bsc#1255617).
- Update
patches.suse/cifs-Fix-lost-destroy-smbd-connection-when-MR-allocate-failed.patch
(bsc#1190317 CVE-2023-54260 bsc#1255878).
- Update
patches.suse/cifs-Fix-the-error-length-of-VALIDATE_NEGOTIATE_INFO-message.patch
(bsc#1190317 CVE-2022-50859 bsc#1256172).
- Update
patches.suse/cifs-Fix-xid-leak-in-cifs_copy_file_range-.patch
(bsc#1190317 CVE-2022-50643 bsc#1254631).
- Update
patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch
(git-fixes CVE-2023-54317 bsc#1255771).
- Update
patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch
(git-fixes CVE-2023-53786 bsc#1254916).
- Update
patches.suse/ext4-fix-bug_on-in-__es_tree_search-caused-by-bad-bo.patch
(bsc#1207620 CVE-2022-50638 bsc#1255469).
- Update
patches.suse/ext4-fix-deadlock-due-to-mbcache-entry-corruption.patch
(bsc#1207653 CVE-2022-50668 bsc#1254763).
- Update
patches.suse/ext4-set-goal-start-correctly-in-ext4_mb_normalize_r.patch
(bsc#1214940 CVE-2023-54021 bsc#1255600).
- Update
patches.suse/ext4-silence-the-warning-when-evicting-inode-with-di.patch
(bsc#1206889 CVE-2022-50730 bsc#1256048).
- Update
patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-bug.patch
(git-fixes CVE-2023-54264 bsc#1255872).
- Update patches.suse/hfs-Fix-OOB-Write-in-hfs_asc2mac.patch
(git-fixes CVE-2022-50747 bsc#1256432).
- Update
patches.suse/hfs-fix-missing-hfs_bnode_get-in-__hfs_bnode_create.patch
(git-fixes CVE-2023-53862 bsc#1254994).
- Update
patches.suse/hfs-hfsplus-avoid-WARN_ON-for-sanity-check-use-prope.patch
(git-fixes CVE-2023-54130 bsc#1256114).
- Update
patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch
(git-fixes CVE-2023-54070 bsc#1256364).
- Update
patches.suse/inotify-Avoid-reporting-event-with-invalid-wd.patch
(bsc#1213025 CVE-2023-54119 bsc#1256349).
- Update
patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch
(git-fixes CVE-2022-50677 bsc#1254692).
- Update
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch
(bsc#1207088 CVE-2023-54170 bsc#1256045).
- Update
patches.suse/l2tp-Avoid-possible-recursive-deadlock-in-l2tp_tunne.patch
(CVE-2023-53020 bsc#1240224 CVE-2023-53809 bsc#1254722).
- Update
patches.suse/md-raid1-stop-mdx_raid1-thread-when-raid1-array-run-failed-b611.patch
(git-fixes CVE-2022-50715 bsc#1255749).
- Update
patches.suse/md-raid10-fix-memleak-for-conf-bio_split-c9ac.patch
(git-fixes CVE-2023-54123 bsc#1256142).
- Update
patches.suse/md-raid10-fix-memleak-of-md-thread-f0dd.patch
(git-fixes CVE-2023-54294 bsc#1255802).
- Update
patches.suse/md-raid10-fix-null-ptr-deref-in-raid10_sync_request-a405.patch
(git-fixes CVE-2023-53832 bsc#1254671).
- Update
patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch
(git-fixes CVE-2023-54266 bsc#1255875).
- Update
patches.suse/media-usb-siano-Fix-use-after-free-bugs-caused-by-do.patch
(bsc#1213969 CVE-2023-4132 CVE-2023-54270 bsc#1255901).
- Update
patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_FRAGS.patch
(git-fixes CVE-2023-54051 bsc#1256394).
- Update
patches.suse/net-ieee802154-don-t-warn-zero-sized-raw_sendmsg.patch
(CVE-2022-49975 bsc#1245196 CVE-2022-50706 bsc#1255581).
- Update
patches.suse/orangefs-Fix-kmemleak-in-orangefs_prepare_debugfs_help_string.patch
(git-fixes CVE-2022-50779 bsc#1256423).
- Update
patches.suse/perf-x86-intel-uncore-Fix-reference-count-leak-in-snr_uncore_mmio_map.patch
(jsc#PED-5023 bsc#1211439 (git-fixes) CVE-2022-50615
bsc#1254580).
- Update
patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch
(bsc#1065729 CVE-2023-54095 bsc#1256271).
- Update
patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch
(bsc#1065729 CVE-2023-54017 bsc#1255605).
- Update
patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch
(bsc#1065729 CVE-2022-50870 bsc#1256154).
- Update
patches.suse/pstore-Avoid-kcore-oops-by-vmap-ing-with-VM_IOREMAP.patch
(git-fixes CVE-2022-50849 bsc#1256193).
- Update patches.suse/quota-fix-warning-in-dqgrab.patch
(bsc#1214962 CVE-2023-54177 bsc#1255993).
- Update
patches.suse/s390-lcs-Fix-return-type-of-lcs_start_xmit.patch
(git-fixes bsc#1212173 CVE-2022-50728 bsc#1256046).
- Update
patches.suse/s390-vfio-ap-fix-memory-leak-in-vfio_ap-device-drive.patch
(git-fixes CVE-2023-53746 bsc#1254617).
- Update
patches.suse/scsi-hpsa-Fix-possible-memory-leak-in-hpsa_init_one.patch
(git-fixes CVE-2022-50646 bsc#1254634).
- Update patches.suse/scsi-ipr-Fix-WARNING-in-ipr_init.patch
(git-fixes CVE-2022-50850 bsc#1256194).
- Update
patches.suse/scsi-lpfc-Fix-ioremap-issues-in-lpfc_sli4_pci_mem_setup.patch
(git-fixes CVE-2023-53754 bsc#1254609).
- Update
patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handling.patch
(git-fixes CVE-2023-54289 bsc#1255806).
- Update
patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch
(bsc#1213747 CVE-2023-54179 bsc#1255994).
- Update
patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_bsg_to.patch
(bsc#1213747 CVE-2023-54014 bsc#1256300).
- Update
patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch
(bsc#1208570 CVE-2023-54108 bsc#1256355).
- Update
patches.suse/scsi-ses-Fix-slab-out-of-bounds-in-ses_enclosure_data_process.patch
(git-fixes CVE-2023-53803 bsc#1255165).
- Update
patches.suse/scsi-snic-Fix-possible-UAF-in-snic_tgt_create.patch
(git-fixes CVE-2022-50840 bsc#1256208).
- Update
patches.suse/serial-8250-Fix-oops-for-port-pm-on-uart_change_pm.patch
(CVE-2023-53176 bsc#1249991 CVE-2023-54220 bsc#1255949).
- Update
patches.suse/tpm-tpm_tis-Add-the-missed-acpi_put_table-to-fix-mem.patch
(bsc#1082555 CVE-2022-50824 bsc#1256334).
- Update
patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx.patch
(bsc#1082555 CVE-2023-54309 bsc#1255780).
- Update
patches.suse/tracing-Fix-warning-in-trace_buffered_event_disable.patch
(git-fixes bsc#1217036 CVE-2023-54211 bsc#1255843).
- Update patches.suse/udf-Avoid-double-brelse-in-udf_rename.patch
(bsc#1213032 CVE-2022-50755 bsc#1256199).
- Update
patches.suse/usb-early-xhci-dbc-Fix-a-potential-out-of-bound-memo.patch
(git-fixes CVE-2023-53840 bsc#1254709).
- Update
patches.suse/usb-idmouse-fix-an-uninit-value-in-idmouse_open.patch
(git-fixes CVE-2022-50733 bsc#1256064).
- Update
patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
(CVE-2023-23559 bsc#1207051 CVE-2023-54110 bsc#1256353).
- Update
patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_check_.patch
(git-fixes CVE-2023-53847 bsc#1254698).
- Update
patches.suse/usb-typec-altmodes-displayport-fix-pin_assignment_sh.patch
(git-fixes CVE-2023-54186 bsc#1255985).
- Update
patches.suse/x86-kexec-Fix-double-free-of-elf-header-buffer.patch
(git-fixes CVE-2022-49546 bsc#1238750 CVE-2023-54146
bsc#1256091).
- Update
patches.suse/x86-xen-Fix-memory-leak-in-xen_init_lock_cpu.patch
(git-fixes CVE-2022-50761 bsc#1256062).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- commit f394de5
- ext4: fix deadlock when converting an inline directory in
nojournal mode (bsc#1255773 CVE-2023-54311).
- commit a558ce8
- fs/proc: fix uaf in proc_readdir_de() (bsc#1255297
CVE-2025-40271).
- commit e43869a
- ext4: refresh inline data size before write operations
(bsc#1255380 CVE-2025-68264).
- commit 3da8d7a
- Update
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch
(bsc#1213287, CVE-2023-20569, bsc#1256129, CVE-2022-50879).
- commit 63563aa
- dm cache: free background tracker's queued work in
btracker_destroy (CVE-2023-53765, bsc#1254912).
- commit b7e0246
- drm/amdgpu: Fix potential NULL dereference (bsc#1251238)
- commit d24edfc
- drm/amdgpu: Fix size validation for non-exclusive domains (v4) (CVE-2022-50527 bsc#1251738)
- commit 256fea7
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (CVE-2022-50678 bsc#1254902)
- commit 667f172
- mmc: core: Fix kernel panic when remove non-standard SDIO card (CVE-2022-50640 bsc#1254686)
Refresh patches/patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch for context.
- commit 86efd5b
- nfc: pn533: Clear nfc_target before being used (CVE-2022-50656 bsc#1254745)
- commit 7246feb
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (CVE-2025-40275 bsc#1254829)
- commit 8d37c6b
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak (CVE-2025-40278 bsc#1254825).
- commit 51664e0
- team: Move team device type change at the end of team_port_add
(CVE-2025-68340 bsc#1255507).
- net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849).
- net: stmmac: Correctly handle Rx checksum offload errors
(CVE-2025-40337 bsc#1255081).
- iavf: use internal state to free traffic IRQs (CVE-2023-53850
bsc#1254677).
- net/net_failover: fix txq exceeding warning (CVE-2023-54236
bsc#1255922).
- commit ab9819b
- Bluetooth: L2CAP: Fix potential user-after-free (CVE-2023-54214
bsc#1255954).
- commit 99d8a13
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
backtrace (CVE-2023-54286 bsc#1255803).
- commit 119b74e
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
(CVE-2023-53788 bsc#1254917).
- commit d36df4f
- media: mediatek: vcodec: Fix potential array out-of-bounds in
decoder queue_setup (CVE-2023-53748 bsc#1254907).
- commit 31217ab
- Revert "btrfs: tree-checker: Refactor root key check into separate function (bsc#1251748)"
This reverts commit b60efb96f6512618cec7832baf77ad7d368cfc95.
- commit e85541c
- Revert "btrfs: reject invalid reloc tree root keys with stack dump (CVE-2023-53618 bsc#1251748)"
This reverts commit 1015f12fd5cca42dd5f38e97a308eeefc26f2dc5.
- commit 6191ab1
- Refresh patches.suse/ipv6-use-RCU-in-ip6_xmit.patch (bsc#1255959)
- commit 73489ad
- fbcon: Set fb_display[i]->mode to NULL when the mode is released (bsc#1255094 CVE-2025-40323)
- commit 33a4327
- wifi: ath9k: avoid referencing uninit memory in
ath9k_wmi_ctrl_rx (CVE-2023-54300 bsc#1255790).
- commit 2e30457
- fbdev: bitblit: bound-check glyph index in bit_putcs* (bsc#1255092 CVE-2025-40322)
- commit 66bfa5a
- wifi: ath10k: Delay the unmapping of the buffer (CVE-2022-50700
bsc#1255576).
- commit f2d1c9b
- kabi/severities: ignore kABI breakage in atheros WiFi
Extend kABI severity quirks to tot only ath9k but other atheros WiFi drivers
Those symbols are only used locally, hence not for 3rd parties
- commit 3e22274
- Bluetooth: bcsp: receive data only if registered (CVE-2025-40308
bsc#1255064).
- commit 68b7fd3
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
(CVE-2025-40269 bsc#1255035).
- commit 3a18895
- wifi: brcmfmac: fix crash while sending Action Frames in
standalone AP Mode (CVE-2025-40321 bsc#1254795).
- commit 807acc6
- net: sched: act_connmark: initialize struct tc_ife to fix
kernel leak (CVE-2025-40279 bsc#1254846).
- commit dacd4a6
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (bsc#1255034 CVE-2025-40304)
- commit c06cf4e
- sctp: avoid NULL dereference when chunk data buffer is missing
(CVE-2025-40240 bsc#1254869).
- commit 65c4aba
- hfs: validate record offset in hfsplus_bmap_alloc
(CVE-2025-40349 bsc#1255280).
- commit f2d5c12
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
(CVE-2025-40351 bsc#1255281).
- commit 726272a
- powerpc/kexec: Enable SMT before waking offline CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496 CVE-2025-71119
bsc#1256730).
- commit e14b3fc
- ring-buffer: Do not swap cpu_buffer during resize process
(CVE-2023-53718 bsc#1252564).
- commit dde7681
- Move BPF kABI workarounds to the correct section
The kABI workaround for BPF backports are place at the end of
series.conf with the assumption that the "kABI consistency patches" is
at the end of series.conf. However that is not the case for SLE12-SP5.
Move them to under "kABI consistency patches".
- commit e8306c5
- Move kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch to patches.kabi
The kABI workaround was accidentally placed into patches.suse directly
by mistake, move it to the patches.kabi directory, where kABI workaround
should live.
- commit e2454a0
- kABI workaround for bpf: Enforce expected_attach_type for
tailcall compatibility (CVE-2025-40123 bsc#1253365).
- commit 15f8c57
- bpf: Enforce expected_attach_type for tailcall compatibility
(CVE-2025-40123 bsc#1253365).
- commit 0d4312e
- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330
(bsc#1246370 CVE-2025-38336).
- commit bc71668
- hfsplus: fix KMSAN uninit-value issue in
__hfsplus_ext_cache_extent() (CVE-2025-40244 bsc#1255033).
- commit 4a719f8
- netfilter: nft_ct: add seqadj extension for natted connections
(CVE-2025-68206 bsc#1255142).
- commit ffc47ed
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit e87e362
- kabi: hide include of <net/lwtunnel.h> in include/net/ip.h
(CVE-2025-40074 bsc#1252794).
- commit 22c64b3
- net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170
bsc#1253413).
- ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402).
- commit 38b553a
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit 5962377
- tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (CVE-2025-40149 bsc#1253355).
- commit 9e73f75
- smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (CVE-2025-40168 bsc#1253427).
- commit 0dd4401
- smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409).
- commit 7f84325
- smc: Fix use-after-free in __pnet_find_base_ndev()
(CVE-2025-40064 bsc#1252845).
- commit a90974f
- tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075 bsc#1252795).
- commit b2b82f1
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit c6c59c0
- vsock: Ignore signal/timeout on connect() if already established
(CVE-2025-40248, bsc#1254864).
- commit 89f66e5
- xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160,
bsc#1253400).
- commit 1204669
- xen/events: Cleanup find_virq() return codes (CVE-2025-40160,
bsc#1253400).
- commit 41c00f2
- kabi: hide dst_entry::dev_rcu (CVE-2025-40074 bsc#1252794).
- ipv4: start using dst_dev_rcu() (CVE-2025-40074 bsc#1252794).
- ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342).
- net: dst: introduce dst->dev_rcu (CVE-2025-40074 bsc#1252794).
- net: Add locking to protect skb->dev access in ip_output
(CVE-2025-40074 bsc#1252794).
- ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40074
bsc#1252794).
- ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers
(CVE-2025-40074 bsc#1252794).
- ipv6: adopt dst_dev() helper (CVE-2025-40074 bsc#1252794).
- refresh patches.suse/net-ip6_tunnel-Prevent-perpetual-tunnel-growth.patch
- ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
(CVE-2025-40074 bsc#1252794).
- net: dst: add four helpers to annotate data-races around
dst->dev (CVE-2025-40074 bsc#1252794).
- net: dst: annotate data-races around dst->output (CVE-2025-40074
bsc#1252794).
- net: dst: annotate data-races around dst->input (CVE-2025-40074
bsc#1252794).
- net: dst: annotate data-races around dst->lastuse
(CVE-2025-40074 bsc#1252794).
- net: dst: annotate data-races around dst->expires
(CVE-2025-40074 bsc#1252794).
- refresh patches.suse/ipv4-use-RCU-protection-in-__ip_rt_update_pmtu.patch
also use backport closer to mainline commit to make further backports easier
- net: dst: annotate data-races around dst->obsolete
(CVE-2025-40074 bsc#1252794).
- net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev'
(CVE-2025-40074 bsc#1252794).
- tcp: convert to dev_net_rcu() (CVE-2025-40074 bsc#1252794).
- ndisc: ndisc_send_redirect() cleanup (CVE-2025-40074
bsc#1252794).
- ipv4: icmp: convert to dev_net_rcu() (CVE-2025-40074
bsc#1252794).
- net: dst_cache: annotate data-races around dst_cache->reset_ts
(CVE-2025-40074 bsc#1252794).
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu (CVE-2022-49604 CVE-2025-40074
bsc#1238414 bsc#1252794).
- blacklist.conf: remove 60c158dc7b1f from blacklist
it was blacklisted as unneeded but now we need it as a prerequisity for
the CVE-2025-40074 / bsc#1252794 series
- refresh patches.suse/ipv4-use-RCU-protection-in-ip_dst_mtu_maybe_forward.patch
- ip: Fix data-races around sysctl_ip_default_ttl (CVE-2025-40074
bsc#1252794).
- refresh patches.suse/ipv4-add-RCU-protection-to-ip4_dst_hoplimit.patch
use backport closer to mainline version to make further backports easier
- ipv6: ip6_skb_dst_mtu() cleanups (CVE-2025-40074 bsc#1252794).
- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward
(CVE-2025-40074 bsc#1252794).
- refresh patches.suse/ipv4-use-RCU-protection-in-ip_dst_mtu_maybe_forward.patch
- commit 7269666
- btrfs: reject invalid reloc tree root keys with stack dump (CVE-2023-53618 bsc#1251748)
- commit 1015f12
- btrfs: tree-checker: Refactor root key check into separate function (bsc#1251748)
Refresh patches.suse/btrfs-tree-checker-fix-false-alert-caused-by-legacy-.patch.
- commit b60efb9
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit 71c7413
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 59e6618
- smc: Fix use-after-free in tcp_write_timer_handler()
(CVE-2023-53781 bsc#1254751).
- commit bf67dae
- cifs: fix potential use-after-free bugs in
TCP_Server_Info::hostname (bsc#1254986, CVE-2023-53751).
- commit 14c9faa
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling
SR-IOV (CVE-2025-40219 bsc#1254518).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register
(CVE-2022-50625 bsc#1254559).
- commit 4c61e27
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid
UAF (CVE-2025-40283 bsc#1254858).
- commit 4b3fb60
- smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256,
CVE-2025-38728).
- commit 9fb41f0
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431
CVE-2025-38085 bsc#1245499).
- commit f2cb81d
- HID: multitouch: Add NULL check in mt_input_configured (bsc#1250759)
- commit 9963a0f
- mm/hugetlb: fix folio is still mapped when deleted
(CVE-2025-40006 bsc#1252342).
- commit 79253cf
- mm: hugetlb: avoid soft lockup when mprotect to large memory
area (CVE-2025-40153 bsc#1253408).
- commit 174ebb8
- usbnet: Fix using smp_processor_id() in preemptible code
warnings (CVE-2025-40164 bsc#1253407).
- commit b10a5dd
- Disable CONFIG_CPU5_WDT
The cpu5wdt driver doesn't implement a proper watchdog interface and
has many code issues. It only handles obscure and obsolete hardware.
Stop building and supporting this driver (jsc#PED-14062).
- commit 12d0d02
- ext4: fix string copying in parse_apply_sb_mount_options()
(bsc#1253453 CVE-2025-40198).
- commit a350880
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
(bsc#1253458 CVE-2025-40167).
- commit 5b1fcbf
- ext4: avoid potential buffer over-read in
parse_apply_sb_mount_options() (bsc#1253453 CVE-2025-40198).
- commit f93c3a5
- net: dlink: handle copy_thresh allocation failure (CVE-2025-40053 bsc#1252808)
- commit 4dfabf1
- pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178 bsc#1253463)
- commit 80993d6
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
(CVE-2025-40110 bsc#1253275).
- commit 78a9e64
- Squashfs: reject negative file sizes in squashfs_read_inode() (CVE-2025-40200 bsc#1253448)
- commit ce2cf29
- Squashfs: add additional inode sanity checking (bsc#1253448)
- commit dda3d33
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (CVE-2025-40035 bsc#1252866)
- commit 27315ae
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081 bsc#1252776)
- commit dc2cb58
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (CVE-2023-53641 bsc#1251728)
- commit cddd1eb
- thermal: intel_powerclamp: Use first online CPU as control_cpu (bsc#1251173)
- commit a5e3566
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (CVE-2022-50494 bsc#1251173)
- commit 2222fc8
- drm/scheduler: signal scheduled fence when kill job (bsc#1247227 CVE-2025-38436)
- commit b828f36
- Update
patches.suse/tcp-Don-t-call-reqsk_fastopen_remove-in-tcp_conn_request.patch
(git-fixes CVE-2025-40186 bsc#1253438).
- commit f901ef4
- HID: multitouch: Correct devm device reference for hidinput input_dev name (CVE-2023-53454 bsc#1250759)
- commit 0db515e
- net: dcb: choose correct policy to parse DCB_ATTR_BCN (CVE-2023-53369 bsc#1250206)
- commit 358246e
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (CVE-2025-40205 bsc#1253456)
- commit 22c9af2
- net/ip6_tunnel: Prevent perpetual tunnel growth (CVE-2025-40173
bsc#1253421).
- commit d8c4c44
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
(CVE-2025-40001 bsc#1252303).
- commit bb0f1cb
- uio_hv_generic: Let userspace take care of interrupt mask (CVE-2025-40048 bsc#1252862).
- commit 76a0e50
- sctp: Fix MAC comparison to be constant-time (CVE-2025-40204
bsc#1253436).
- commit eccee08
- smb3: fix Open files on server counter going negative
(git-fixes).
- commit 15583ca
- cifs: return a single-use cfid if we did not get a lease
(bsc#1228688).
- commit c039524
- cifs: Check the lease context if we actually got a lease
(bsc#1228688).
- Refresh
patches.suse/cifs-fix-open-leaks-in-open_cached_dir.patch.
- Refresh
patches.suse/smb-client-fix-potential-OOBs-in-smb2_parse_contexts-.patch.
- commit 9351453
- kabi/severities: Update info about kvm_86_ops
- commit 69450ab
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083 bsc#1252912).
- commit 2a85e50
- KVM: x86: Give a hint when Win2016 might fail to boot due to XSAVES erratum (git-fixes).
- commit 4d19df5
- Refresh patches.suse/x86-CPU-AMD-Disable-XSAVES-on-AMD-family-0x17.patch.
XSAVE feature clearing should apply to ZEN1/2 and not to K6 CPUs.
- commit b258ad9
- blacklist.conf: Add imxfb commit
- Delete
patches.suse/0002-video-fbdev-imxfb-Fix-an-error-message.patch.
- Delete
patches.suse/0004-fbdev-imxfb-warn-about-invalid-left-right-margin.patch.
We don't build this driver.
- commit a556fb5
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a
inner curve (bsc#1220419).
- commit 6275dfe
- scsi: ses: Handle enclosure with just a primary component
gracefully (git-fixes CVE-2023-53431 bsc#1250374).
- commit 1585d41
- PCI: aardvark: Fix checking for MEM resource type (git-fixes).
- commit ee4989d
- Fix another type-mismatch issue in fbcon patches (bsc#1252033 CVE-2025-39967 bsc#1253237)
Fix another type mismatch in fbcon font handling:
* comparison of distinct pointer types lacks a cast [enabled by default] in ../drivers/video/console/fbcon.c in fbcon_set_font (from ../include/linux/overflow.h)
In file included from ../include/linux/vmalloc.h:10:0,
../drivers/video/console/fbcon.c: In function 'fbcon_set_font':
../include/linux/overflow.h:150:15: warning: comparison of distinct pointer types lacks a cast [enabled by default]
../include/linux/overflow.h:206:4: note: in expansion of macro '__signed_add_overflow'
../drivers/video/console/fbcon.c:2467:6: note: in expansion of macro 'check_add_overflow'
* comparison of distinct pointer types lacks a cast [enabled by default] in ../include/linux/overflow.h
../include/linux/overflow.h:151:15: warning: comparison of distinct pointer types lacks a cast [enabled by default]
../include/linux/overflow.h:206:4: note: in expansion of macro '__signed_add_overflow'
../drivers/video/console/fbcon.c:2467:6: note: in expansion of macro 'check_add_overflow'
* comparison of distinct pointer types lacks a cast [enabled by default] in ../include/linux/overflow.h
../include/linux/overflow.h:101:15: warning: comparison of distinct pointer types lacks a cast [enabled by default]
../include/linux/overflow.h:207:4: note: in expansion of macro '__unsigned_add_overflow'
../drivers/video/console/fbcon.c:2467:6: note: in expansion of macro 'check_add_overflow'
* comparison of distinct pointer types lacks a cast [enabled by default] in ../include/linux/overflow.h
../include/linux/overflow.h:102:15: warning: comparison of distinct pointer types lacks a cast [enabled by default]
../include/linux/overflow.h:207:4: note: in expansion of macro '__unsigned_add_overflow'
../drivers/video/console/fbcon.c:2467:6: note: in expansion of macro 'check_add_overflow'
- commit 3586116
- Refresh
patches.suse/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested.
- Refresh
patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.
Add upstream commit ID and move to sorted section.
- commit 808b040
- dmaengine: bcm2835: Avoid GFP_KERNEL in device_prep_slave_sg
(bsc#1070872).
Rename, update with upstream description and reference, and move to the
sorted section.
- commit 3ac835f
- Move ocfs2 fixes to the sorted section
- commit c36ff63
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (CVE-2023-53229 bsc#1249650)
- commit 6e55df1
- Restore fixes for fbcon_do_set_font() (bsc#1252033 CVE-2025-39967 bsc#1253237)
The backport from bsc#1252033 failed because check_mul_overflow()
did not handle differences in type signs. Restore the patches and
fix them to use unsigned types for all calculations. Input arguments
are unsigned anyway.
- commit 7a71d84
- wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (CVE-2022-50551 bsc#1251322)
- commit 644642c
- r6040: Fix kmemleak in probe and remove (CVE-2022-50545 bsc#1251285)
- commit 506400a
- xfrm: Update ipcomp_scratches with NULL when freed
(CVE-2022-50569 bsc#1252640).
- commit 8b98d1b
- scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786 CVE-2023-53676).
- commit e9a3dc4
- util-linux-systemd
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).