- bind
-
- Upgrade to release 9.20.18
Security Fixes:
* Fix incorrect length checks for BRID and HHIT records.
(CVE-2025-13878)
[bsc#1256997]
Feature Changes:
* Add more information to the rndc recursing output about
fetches.
* Reduce the number of outgoing queries.
* Provide more information when memory allocation fails.
Bug Fixes:
* Make DNSSEC key rollovers more robust.
* Fix a catalog zone issue, where member zones could fail to
load.
* Allow glue in delegations with QTYPE=ANY.
* Fix slow speed when signing a large delegation zone with NSEC3
opt-out.
* Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to
be invalid.
* Fix a possible catalog zone issue during reconfiguration.
* Fix the charts in the statistics channel.
* Adding NSEC3 opt-out records could leave invalid records in
chain.
* Fix spurious timeouts while resolving names.
* Fix bug where zone switches from NSEC3 to NSEC after
retransfer.
* AMTRELAY type 0 presentation format handling was wrong.
* Fix parsing bug in remote-servers with key or TLS.
* Fix DoT reconfigure/reload bug in the resolver.
* Skip unsupported algorithms when looking for a signing key.
* Fix dnssec-keygen key collision checking for KEY RRtype keys.
* dnssec-verify now uses exit code 1 when failing due to illegal
options.
* Prevent assertion failures of dig when a server is specified
before the -b option.
* Skip buffer allocations if not logging.
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- glibc
-
- memalign-overflow-check.patch: memalign: reinstate alignment overflow
check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache
contention workloads (bsc#1256437, BZ #33704)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- kernel-default
-
- ext4: use optimized mballoc scanning regardless of inode format
(bsc#1254378).
- commit aa95fec
- mlx5: Fix default values in create CQ (CVE-2025-68209
bsc#1255230).
- commit e7dee05
- x86/microcode/AMD: Select which microcode patch to load
(bsc#1256528).
- Refresh
patches.suse/x86-microcode-AMD-Handle-the-case-of-no-BIOS-microcode.patch.
- commit 3b809fe
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix
Halo (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev
(bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking
(bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known
generations (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples
(bsc#1256528).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final
(bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load
microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block
loading of any unreleased standalone Zen5 microcode patches
(bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value
(bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check
(bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches
(bsc#1256528).
- commit ed14359
- bpf: Fix invalid prog->stats access when update_effective_progs
fails (CVE-2025-68742 bsc#1255707).
- commit 53d4b3c
- bpf: Improve program stats run-time calculation (CVE-2025-68742
bsc#1255707).
- commit 4ed738f
- mlx5: Fix default values in create CQ (CVE-2025-68209
bsc#1255230).
- commit dce9b13
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 46a797f
- bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242)
- commit 85b99e2
- tracing: Fix access to trace_event_file (bsc#1254373).
- commit 768b257
- Move out-of-tree patches into the right section
- commit 314797b
- drm/sched: Fix race in drm_sched_entity_select_rq() (git-fixes).
- commit d597802
- virtio_console: fix order of fields cols and rows
(stable-fixes).
- commit 0d412d7
- drm/amdgpu: Forward VMID reservation errors (git-fixes).
- commit a7344a2
- pinctrl: single: Fix PIN_CONFIG_BIAS_DISABLE handling
(stable-fixes).
- Refresh
patches.suse/pinctrl-single-fix-bias-pull-up-down-handling-in-pin.patch.
- commit bc41b99
- usb: ohci-nxp: fix device leak on probe failure (git-fixes).
- usb: usb-storage: Maintain minimal modifications to the
bcdDevice range (git-fixes).
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042
quirk table (stable-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
(stable-fixes).
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure() (git-fixes).
- i2c: designware: Disable SMBus interrupts to prevent storms
from mis-configured firmware (stable-fixes).
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to
VGBS DMI quirks (stable-fixes).
- pinctrl: single: Fix incorrect type for error return variable
(git-fixes).
- i3c: fix refcount inconsistency in i3c_master_register
(git-fixes).
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE
parsing (stable-fixes).
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie()
parser (stable-fixes).
- USB: serial: option: move Telit 0x10c7 composition in the
right place (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 new
compositions (stable-fixes).
- USB: serial: option: add Foxconn T99W760 (stable-fixes).
- USB: serial: ftdi_sio: match on interface number for jtag
(stable-fixes).
- usb: usb-storage: No additional quirks need to be added to
the EL-R12 optical drive (stable-fixes).
- usb: dwc2: fix hang during shutdown if set as peripheral
(git-fixes).
- usb: xhci: limit run_graceperiod for only usb 3.0 devices
(stable-fixes).
- usb: typec: ucsi: Handle incorrect num_connectors capability
(stable-fixes).
- usbip: Fix locking bug in RT-enabled kernels (stable-fixes).
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
(stable-fixes).
- serial: add support of CPCI cards (stable-fixes).
- char: applicom: fix NULL pointer dereference in ac_ioctl
(stable-fixes).
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for
gcc complains (stable-fixes).
- fbdev: gbefb: fix to use physical address instead of dma address
(stable-fixes).
- via_wdt: fix critical boot hang due to unnamed resource
allocation (stable-fixes).
- ipmi: Fix __scan_channels() failing to rescan channels
(stable-fixes).
- ipmi: Fix the race between __scan_channels() and
deliver_response() (stable-fixes).
- reset: fix BIT macro reference (stable-fixes).
- firmware: imx: scu-irq: Init workqueue before request mbox
channel (stable-fixes).
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
(stable-fixes).
- mmc: sdhci-msm: Avoid early clock doubling during HS400
transition (stable-fixes).
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation
of appl_ptr (git-fixes).
- media: amphion: Remove vpu_vb_is_codecconfig (git-fixes).
- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
(stable-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840
tablet (stable-fixes).
- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1
(stable-fixes).
- ACPI: property: Use ACPI functions in
acpi_graph_get_next_endpoint() only (stable-fixes).
- ACPICA: Avoid walking the Namespace if start_node is NULL
(stable-fixes).
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration
(stable-fixes).
- platform/x86: acer-wmi: Ignore backlight event (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
(stable-fixes).
- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally
(stable-fixes).
- platform/x86: huawei-wmi: add keys for HONOR models
(stable-fixes).
- HID: elecom: Add support for ELECOM M-XT3URBK (018F)
(stable-fixes).
- HID: hid-input: Extend Elan ignore battery quirk to USB
(stable-fixes).
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk
list (stable-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- spi: xilinx: increase number of retries before declaring stall
(stable-fixes).
- spi: imx: keep dma request disabled before dma transfer setup
(stable-fixes).
- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series
(stable-fixes).
- Bluetooth: btrtl: Avoid loading the config file on security
chips (stable-fixes).
- media: amphion: Make some vpu_v4l2 functions static
(stable-fixes).
- usb: dwc2: disable platform lowlevel hw resources during
shutdown (stable-fixes).
- media: amphion: Add a frame flush mode for decoder
(stable-fixes).
- usb: ohci-nxp: Use helper function devm_clk_get_enabled()
(stable-fixes).
- drm/tilcdc: request and mapp iomem with devres (stable-fixes).
- media: verisilicon: g2: Use common helpers to compute chroma
and mv offsets (stable-fixes).
- media: verisilicon: Store chroma and motion vectors offset
(stable-fixes).
- i3c: master: Inherit DMA masks and parameters from parent device
(stable-fixes).
- commit bc3be49
- supported.conf: mark ksmbd unsupported
Based on discussion with Enzo Matsumiya it has tuned out that ksmbd
module is unsupported but the supported.conf entry is incorrect. Fix
that.
- commit c800e3f
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in
EEH event handling (bsc#1253262 ltc#216029).
- commit daa4104
- Update
patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch
(git-fixes CVE-2025-40294 bsc#1255181).
- Update
patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch
(git-fixes CVE-2025-40213 bsc#1253674).
- Update
patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch
(git-fixes CVE-2025-68298 bsc#1255124).
- Update
patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch
(git-fixes CVE-2025-68306 bsc#1255145).
- Update
patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch
(git-fixes CVE-2025-68749 bsc#1255724).
- Update
patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch
(stable-fixes CVE-2025-40354 bsc#1255316).
- Update
patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch
(stable-fixes CVE-2025-68190 bsc#1255131).
- Update
patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch
(stable-fixes CVE-2025-68230 bsc#1255134).
- Update
patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch
(stable-fixes CVE-2025-40339 bsc#1255428).
- Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch
(stable-fixes CVE-2025-68201 bsc#1255136).
- Update
patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch
(bsc#1243112 CVE-2025-40332 bsc#1255116).
- Update
patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch
(git-fixes CVE-2025-68184 bsc#1255220).
- Update
patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch
(git-fixes CVE-2025-68747 bsc#1255723).
- Update
patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch
(git-fixes CVE-2025-40225 bsc#1254827).
- Update
patches.suse/drm-panthor-Flush-shmem-writes-before-mapping-buffer.patch
(git-fixes CVE-2025-40276 bsc#1254824).
- Update
patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch
(git-fixes CVE-2025-68170 bsc#1255256).
- Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch
(git-fixes CVE-2025-68181 bsc#1255247).
- Update
patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch
(stable-fixes CVE-2025-68223 bsc#1255357).
- Update
patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch
(git-fixes CVE-2025-40360 bsc#1255095).
- Update
patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch
(stable-fixes CVE-2025-40340 bsc#1254996).
- Update
patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch
(git-fixes CVE-2025-68207 bsc#1255234).
- Update
patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch
(git-fixes CVE-2025-40302 bsc#1255196).
- Update
patches.suse/perf-x86-intel-Fix-KASAN-global-out-of-bounds-warning.patch
(git-fixes CVE-2025-40359 bsc#1255087).
- Update
patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch
(git-fixes CVE-2025-68195 bsc#1255259).
- commit 946dbf2
- Update
patches.suse/1260-drm-amdkfd-Add-missing-gfx11-MQD-manager-callbacks.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54261
bsc#1255879).
- Update
patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch
(git-fixes CVE-2025-40211 bsc#1254126).
- Update
patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch
(git-fixes CVE-2025-68346 bsc#1255603).
- Update
patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch
(git-fixes CVE-2025-68753 bsc#1256238).
- Update
patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch
(git-fixes CVE-2025-68347 bsc#1255706).
- Update
patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch
(git-fixes CVE-2025-68345 bsc#1255601).
- Update
patches.suse/ALSA-pcm-Fix-potential-data-race-at-PCM-memory-.patch
(bsc#1012628 CVE-2023-54072 bsc#1256291).
- Update
patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch
(git-fixes CVE-2025-40275 bsc#1254829).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-memory-leaks-at-error-p.patch
(jsc#PED-6045 jsc#PED-6036 jsc#PED-6104 jsc#PED-6114
jsc#PED-6067 jsc#PED-6123 CVE-2023-54022 bsc#1255545).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch
(stable-fixes CVE-2025-40269 bsc#1255035).
- Update
patches.suse/ASoC-codecs-wcd-mbhc-v2-fix-resource-leaks-on-c.patch
(bsc#1012628 CVE-2023-53842 bsc#1254690).
- Update
patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch
(git-fixes CVE-2025-40282 bsc#1254850).
- Update
patches.suse/Bluetooth-ISO-fix-iso_conn-related-locking-and-.patch
(bsc#1012628 CVE-2023-54164 bsc#1256071).
- Update
patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch
(git-fixes CVE-2025-40284 bsc#1254860).
- Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch
(stable-fixes CVE-2025-40309 bsc#1255065).
- Update
patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch
(stable-fixes CVE-2025-40308 bsc#1255064).
- Update
patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch
(git-fixes CVE-2025-40283 bsc#1254858).
- Update
patches.suse/Bluetooth-hci_conn-return-ERR_PTR-instead-of-NU.patch
(bsc#1012628 CVE-2023-54038 bsc#1255540).
- Update
patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch
(git-fixes CVE-2025-40301 bsc#1255193).
- Update
patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch
(git-fixes CVE-2025-68305 bsc#1255169).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-.patch
(bsc#1012628 CVE-2023-54210 bsc#1255955).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-for-h.patch
(git-fixes CVE-2023-53828 bsc#1254623).
- Update
patches.suse/Bluetooth-hci_sync-Fix-UAF-in-hci_disconnect_all_syn.patch
(git-fixes CVE-2023-53762 bsc#1254606).
- Update
patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch
(git-fixes CVE-2025-40318 bsc#1254798).
- Update
patches.suse/FS-JFS-Check-for-read-only-mounted-filesystem-i.patch
(bsc#1012628 CVE-2023-53766 bsc#1255005).
- Update
patches.suse/HID-hidraw-fix-data-race-on-device-refcount.patch
(bsc#1012628 CVE-2023-53759 bsc#1254663).
- Update
patches.suse/HID-uclogic-Correct-devm-device-reference-for-hidinp.patch
(git-fixes CVE-2023-54207 bsc#1255961).
- Update
patches.suse/HID-wacom-Use-ktime_t-rather-than-int-when-deal.patch
(bsc#1012628 CVE-2023-53797 bsc#1254733).
- Update
patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch
(stable-fixes CVE-2025-40263 bsc#1255077).
- Update
patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch
(git-fixes CVE-2025-40262 bsc#1254840).
- Update
patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch
(git-fixes CVE-2025-68217 bsc#1255221).
- Update
patches.suse/KVM-SVM-Get-source-vCPUs-from-source-VM-for-SEV-ES-i.patch
(git-fixes CVE-2023-54296 bsc#1255793).
- Update
patches.suse/KVM-s390-pv-fix-index-value-of-replaced-ASCE.patch
(bsc#1012628 CVE-2023-54092 bsc#1256370).
- Update patches.suse/MIPS-KVM-Fix-NULL-pointer-dereference.patch
(bsc#1012628 CVE-2023-54241 bsc#1255838).
- Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch
(git-fixes CVE-2025-40324 bsc#1254791).
- Update
patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch
(git-fixes CVE-2025-40273 bsc#1254828).
- Update patches.suse/PCI-DOE-Fix-destroy_work_on_stack-race.patch
(git-fixes CVE-2023-54235 bsc#1255921).
- Update
patches.suse/PCI-Free-released-resource-after-coalescing.patch
(git-fixes CVE-2023-53743 bsc#1254782).
- Update
patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch
(git-fixes CVE-2025-40219 bsc#1254518).
- Update
patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch
(stable-fixes CVE-2025-68176 bsc#1255329).
- Update
patches.suse/RDMA-bnxt_re-Prevent-handling-any-completions-a.patch
(bsc#1012628 CVE-2023-54048 bsc#1256395).
- Update
patches.suse/RDMA-efa-Fix-wrong-resources-deallocation-order.patch
(git-fixes CVE-2023-54201 bsc#1255964).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-completion-stat.patch
(bsc#1012628 CVE-2023-54302 bsc#1255792).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-request-done.patch
(bsc#1012628 CVE-2023-54292 bsc#1255800).
- Update
patches.suse/Revert-IB-isert-Fix-incorrect-release-of-isert-conne.patch
(git-fixes CVE-2023-54219 bsc#1256231).
- Update
patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch
(stable-fixes CVE-2025-40311 bsc#1255068).
- Update
patches.suse/accel-qaic-Clean-up-integer-overflow-checking-.patch
(bsc#1012628 CVE-2023-53778 bsc#1254761).
- Update
patches.suse/af_unix-Fix-data-race-around-unix_tot_inflight.patch
(git-fixes CVE-2023-54006 bsc#1255591).
- Update patches.suse/amba-bus-fix-refcount-leak.patch (git-fixes
CVE-2023-54230 bsc#1255925).
- Update
patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch
(stable-fixes CVE-2025-40310 bsc#1255041).
- Update
patches.suse/amdgpu-validate-offset_in_bo-of-drm_amdgpu_gem_.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53819
bsc#1254712).
- Update patches.suse/arm64-mm-fix-VA-range-sanity-check.patch
(bsc#1012628 CVE-2023-53989 bsc#1256302).
- Update
patches.suse/arm64-set-__exception_irq_entry-with-__irq_entr.patch
(bsc#1012628 CVE-2023-54322 bsc#1255763).
- Update
patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch
(git-fixes CVE-2025-68339 bsc#1255505).
- Update
patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch
(git-fixes CVE-2023-54045 bsc#1256285).
- Update
patches.suse/autofs-fix-memory-leak-of-waitqueues-in-autofs_catat.patch
(git-fixes CVE-2023-54134 bsc#1256106).
- Update
patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch
(git-fixes CVE-2025-68758 bsc#1255944).
- Update
patches.suse/bcache-fixup-btree_cache_wait-list-damage.patch
(bsc#1012628 CVE-2023-54293 bsc#1255801).
- Update patches.suse/binder-fix-memory-leak-in-binder_init.patch
(bsc#1012628 CVE-2023-54005 bsc#1255629).
- Update
patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch
(bsc#1216062 CVE-2023-54271 bsc#1255902).
- Update
patches.suse/blk-cgroup-hold-queue_lock-when-removing-blkg-.patch
(bsc#1012628 CVE-2023-54088 bsc#1256263).
- Update
patches.suse/blk-mq-fix-tags-leak-when-shrink-nr_hw_queues.patch
(bsc#1216436 CVE-2023-54227 bsc#1255952).
- Update
patches.suse/block-fix-blktrace-debugfs-entries-leakage.patch
(bsc#1012628 CVE-2023-54209 bsc#1255963).
- Update
patches.suse/block-rq_qos-protect-rq_qos-apis-with-a-new-loc.patch
(bsc#1012628 CVE-2023-53823 bsc#1254691).
- Update
patches.suse/bpf-Address-KCSAN-report-on-bpf_lru_list.patch
(bsc#1012628 CVE-2023-54283 bsc#1255809).
- Update
patches.suse/bpf-Disable-preemption-in-bpf_event_output.patch
(bsc#1012628 CVE-2023-54173 bsc#1255996).
- Update
patches.suse/bpf-Disable-preemption-in-bpf_perf_event_outpu.patch
(bsc#1012628 CVE-2023-54303 bsc#1255785).
- Update
patches.suse/bpf-Fix-issue-in-verifying-allow_ptr_leaks.patch
(jsc#PED-6811 CVE-2023-54181 bsc#1255988).
- Update
patches.suse/bpf-Silence-a-warning-in-btf_type_id_size.patch
(bsc#1012628 CVE-2023-54247 bsc#1255892).
- Update
patches.suse/bpf-bpf_sk_storage-Fix-invalid-wait-context-lockdep-.patch
(jsc#PED-6811 CVE-2023-53857 bsc#1254648).
- Update
patches.suse/bpf-drop-unnecessary-user-triggerable-WARN_ONCE.patch
(bsc#1012628 CVE-2023-54145 bsc#1256090).
- Update
patches.suse/bpf-sockmap-Fix-skb-refcnt-race-after-locking-change.patch
(jsc#PED-6811 CVE-2023-53836 bsc#1254693).
- Update
patches.suse/btrfs-fix-incorrect-splitting-in-btrfs_drop_ex.patch
(bsc#1012628 CVE-2023-54121 bsc#1256267).
- Update
patches.suse/btrfs-fix-lockdep-splat-and-potential-deadlock-after.patch
(git-fixes CVE-2023-54224 bsc#1255951).
- Update
patches.suse/btrfs-fix-race-between-balance-and-cancel-pause.patch
(bsc#1012628 CVE-2023-54023 bsc#1256301).
- Update
patches.suse/btrfs-fix-race-when-deleting-free-space-root-fr.patch
(bsc#1012628 CVE-2023-54067 bsc#1256369).
- Update
patches.suse/btrfs-fix-race-when-deleting-quota-root-from-th.patch
(bsc#1012628 CVE-2023-54032 bsc#1255617).
- Update
patches.suse/btrfs-fix-warning-when-putting-transaction-with.patch
(bsc#1012628 CVE-2023-53865 bsc#1254762).
- Update
patches.suse/btrfs-release-path-before-inode-lookup-during-the-in.patch
(git-fixes CVE-2023-54281 bsc#1255820).
- Update
patches.suse/btrfs-remove-BUG_ON-s-in-add_new_free_space.patch
(bsc#1012628 CVE-2023-54185 bsc#1255984).
- Update
patches.suse/btrfs-set-page-extent-mapped-after-read_folio-in-rel.patch
(git-fixes CVE-2023-54253 bsc#1255891).
- Update
patches.suse/btrfs-zoned-fix-memory-leak-after-finding-block.patch
(bsc#1012628 CVE-2023-54297 bsc#1255795).
- Update
patches.suse/btrfs-zoned-skip-splitting-and-logical-rewriting-on-.patch
(bsc#1223731 CVE-2024-26944 CVE-2023-54080 bsc#1256367).
- Update
patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch
(git-fixes CVE-2025-68307 bsc#1255146).
- Update
patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch
(git-fixes CVE-2025-68308 bsc#1255149).
- Update
patches.suse/cifs-fix-potential-oops-in-cifs_oplock_break.patch
(bsc#1012628 CVE-2023-54258 bsc#1255886).
- Update
patches.suse/cifs-fix-session-state-check-in-reconnect-to-a.patch
(bsc#1012628 CVE-2023-53794 bsc#1255163).
- Update
patches.suse/clk-clocking-wizard-Fix-Oops-in-clk_wzrd_regist.patch
(bsc#1012628 CVE-2023-53807 bsc#1254724).
- Update
patches.suse/clk-imx93-fix-memory-leak-and-missing-unwind-go.patch
(bsc#1012628 CVE-2023-54221 bsc#1255842).
- Update
patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch
(git-fixes CVE-2025-68332 bsc#1255483).
- Update
patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch
(git-fixes CVE-2025-68257 bsc#1255167).
- Update
patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch
(git-fixes CVE-2025-68258 bsc#1255182).
- Update
patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch
(git-fixes CVE-2025-68335 bsc#1255480).
- Update
patches.suse/crypto-api-Use-work-queue-in-crypto_destroy_instance.patch
(git-fixes CVE-2023-53799 bsc#1254732).
- Update
patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch
(git-fixes CVE-2025-68172 bsc#1255253).
- Update
patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch
(git-fixes CVE-2025-68724 bsc#1255550).
- Update
patches.suse/dccp-Fix-out-of-bounds-access-in-DCCP-error-handler.patch
(bsc#1220419 CVE-2023-53782 bsc#1254758).
- Update
patches.suse/dccp-fix-data-race-around-dp-dccps_mss_cache.patch
(bsc#1012628 CVE-2023-53839 bsc#1254655).
- Update
patches.suse/devlink-report-devlink_port_type_warn-source-de.patch
(bsc#1012628 CVE-2023-53841 bsc#1255009).
- Update
patches.suse/dm-don-t-attempt-to-queue-IO-under-RCU-protection-a9ce.patch
(jsc#PED-7514 CVE-2023-53860 bsc#1254626).
- Update
patches.suse/dm-fix-a-race-condition-in-retrieve_deps-f600.patch
(jsc#PED-7514 CVE-2023-54324 bsc#1255759).
- Update
patches.suse/driver-soc-xilinx-use-_safe-loop-iterator-to-av.patch
(bsc#1012628 CVE-2023-54101 bsc#1256153).
- Update
patches.suse/drm-amd-display-Check-NULL-before-accessing.patch
(stable-fixes CVE-2025-68286 bsc#1255351).
- Update
patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch
(git-fixes CVE-2025-68180 bsc#1255252).
- Update
patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch
(stable-fixes CVE-2025-40288 bsc#1255057).
- Update
patches.suse/drm-bridge-dw_hdmi-fix-connector-access-for-scd.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53784
bsc#1254765).
- Update
patches.suse/drm-client-Fix-memory-leak-in-drm_client_target.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54091
bsc#1256274).
- Update
patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch
(git-fixes CVE-2025-68244 bsc#1255190).
- Update
patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch
(git-fixes CVE-2025-40316 bsc#1254797).
- Update
patches.suse/drm-msm-dp-Drop-aux-devices-together-with-DP-co.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53851
bsc#1254695).
- Update
patches.suse/drm-mxsfb-Disable-overlay-plane-in-mxsfb_plane_overl.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53864
bsc#1254754).
- Update
patches.suse/drm-nouveau-kms-nv50-init-hpd_irq_lock-for-PIOR.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54263
bsc#1255883).
- Update
patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch
(git-fixes CVE-2025-40329 bsc#1254621).
- Update patches.suse/drm-tegra-Add-call-to-put_pid.patch
(git-fixes CVE-2025-68233 bsc#1255206).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-eviction-error.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-54254
bsc#1255890).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-swapout-move-e.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53844
bsc#1254649).
- Update
patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch
(git-fixes CVE-2025-68757 bsc#1255943).
- Update
patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch
(git-fixes CVE-2025-40277 bsc#1254894).
- Update
patches.suse/erofs-kill-hooked-chains-to-avoid-loops-on-dedu.patch
(bsc#1012628 CVE-2023-53777 bsc#1254749).
- Update
patches.suse/exfat-use-kvmalloc_array-kvfree-instead-of-kma.patch
(bsc#1012628 CVE-2023-54194 bsc#1255974).
- Update
patches.suse/ext4-correct-grp-validation-in-ext4_mb_good_group.patch
(bsc#1234163 CVE-2023-53861 bsc#1254678).
- Update
patches.suse/ext4-fix-BUG-in-ext4_mb_new_inode_pa-due-to-overflow.patch
(bsc#1219165 CVE-2023-54069 bsc#1256371).
- Update
patches.suse/ext4-fix-rbtree-traversal-bug-in-ext4_mb_use_pr.patch
(bsc#1012628 CVE-2023-53813 bsc#1254717).
- Update
patches.suse/ext4-turn-quotas-off-if-mount-failed-after-enab.patch
(bsc#1012628 CVE-2023-54153 bsc#1256081).
- Update
patches.suse/f2fs-fix-to-do-sanity-check-on-direct-node-in-.patch
(bsc#1012628 CVE-2023-53846 bsc#1254983).
- Update
patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch
(stable-fixes CVE-2025-40323 bsc#1255094).
- Update
patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch
(stable-fixes CVE-2025-40304 bsc#1255034).
- Update
patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch
(stable-fixes CVE-2025-40322 bsc#1255092).
- Update
patches.suse/firmware-meson_sm-fix-to-avoid-potential-NULL-pointe.patch
(git-fixes CVE-2023-54304 bsc#1255786).
- Update
patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch
(git-fixes CVE-2025-68328 bsc#1255489).
- Update
patches.suse/fs-Protect-reconfiguration-of-sb-read-write-fr.patch
(bsc#1012628 CVE-2023-54099 bsc#1256197).
- Update
patches.suse/fs-jfs-prevent-double-free-in-dbUnmount-after-failed-jfs_remount.patch
(git-fixes CVE-2023-54127 bsc#1256119).
- Update
patches.suse/fs-ntfs3-Return-error-for-inconsistent-extende.patch
(bsc#1012628 CVE-2023-54125 bsc#1256117).
- Update
patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-b.patch
(bsc#1012628 CVE-2023-54264 bsc#1255872).
- Update
patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch
(git-fixes CVE-2025-68732 bsc#1255688).
- Update
patches.suse/gtp-Fix-use-after-free-in-__gtp_encap_destroy.patch
(bsc#1012628 CVE-2023-54142 bsc#1256095).
- Update
patches.suse/hfs-validate-record-offset-in-hfsplus_bmap_alloc.patch
(git-fixes CVE-2025-40349 bsc#1255280).
- Update
patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-__hfsplus_ext_cache_extent.patch
(git-fixes CVE-2025-40244 bsc#1255033).
- Update
patches.suse/hfsplus-fix-KMSAN-uninit-value-issue-in-hfsplus_delete_cat.patch
(git-fixes CVE-2025-40351 bsc#1255281).
- Update
patches.suse/hwrng-virtio-Fix-race-on-data_avail-and-actual-.patch
(bsc#1012628 CVE-2023-53998 bsc#1255578).
- Update
patches.suse/iavf-use-internal-state-to-free-traffic-IRQs.patch
(bsc#1012628 CVE-2023-53850 bsc#1254677).
- Update
patches.suse/ice-prevent-NULL-pointer-deref-during-reload.patch
(bsc#1012628 CVE-2023-54037 bsc#1255557).
- Update
patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch
(jsc#PED-4866 CVE-2023-54070 bsc#1256364).
- Update
patches.suse/igc-Fix-Kernel-Panic-during-ndo_tx_timeout-call.patch
(bsc#1012628 CVE-2023-54166 bsc#1256074).
- Update
patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch
(stable-fixes CVE-2025-68330 bsc#1255493).
- Update
patches.suse/iio-adc-ina2xx-avoid-NULL-pointer-dereference-.patch
(bsc#1012628 CVE-2023-53834 bsc#1254660).
- Update
patches.suse/iio-core-Prevent-invalid-memory-access-when-th.patch
(bsc#1012628 CVE-2023-54027 bsc#1255579).
- Update
patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch
(git-fixes CVE-2025-68740 bsc#1255812).
- Update
patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch
(stable-fixes CVE-2025-68183 bsc#1255251).
- Update
patches.suse/io_uring-net-don-t-overflow-multishot-recv.patch
(bsc#1215211 CVE-2023-54030 bsc#1255691).
- Update
patches.suse/iomap-Fix-possible-overflow-condition-in-iomap_write_delalloc_scan.patch
(jsc#PED-5453 CVE-2023-54285 bsc#1255807).
- Update
patches.suse/iommufd-IOMMUFD_DESTROY-should-not-increase-the.patch
(bsc#1012628 CVE-2023-53795 bsc#1254737).
- Update
patches.suse/iommufd-Set-end-correctly-when-doing-batch-carr.patch
(bsc#1012628 CVE-2023-54060 bsc#1256379).
- Update
patches.suse/ionic-remove-WARN_ON-to-prevent-panic_on_warn.patch
(bsc#1012628 CVE-2023-53994 bsc#1255570).
- Update
patches.suse/ip6_vti-fix-slab-use-after-free-in-decode_sess.patch
(bsc#1012628 CVE-2023-53821 bsc#1254669).
- Update
patches.suse/ipmi-ssif-Fix-a-memory-leak-when-scanning-for-an-ada.patch
(git-fixes CVE-2023-54064 bsc#1256375).
- Update
patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch
(git-fixes CVE-2025-68766 bsc#1255932).
- Update
patches.suse/isdn-mISDN-hfcsusb-fix-memory-leak-in-hfcsusb_probe.patch
(git-fixes CVE-2025-68734 bsc#1255538).
- Update
patches.suse/jfs-Verify-inode-mode-when-loading-from-disk.patch
(git-fixes CVE-2025-40312 bsc#1255046).
- Update
patches.suse/jfs-fix-uninitialized-waitqueue-in-transaction-manager.patch
(git-fixes CVE-2025-68168 bsc#1255100).
- Update
patches.suse/kcm-Fix-error-handling-for-SOCK_DGRAM-in-kcm_sendmsg.patch
(bsc#1220419 CVE-2023-53825 bsc#1254707).
- Update
patches.suse/kcm-Fix-memory-leak-in-error-path-of-kcm_sendmsg.patch
(bsc#1220419 CVE-2023-54112 bsc#1256354).
- Update
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s.patch
(bsc#1012628 CVE-2023-54170 bsc#1256045).
- Update
patches.suse/maple_tree-fix-potential-out-of-bounds-access-i.patch
(bsc#1012628 CVE-2023-54135 bsc#1256107).
- Update
patches.suse/md-fix-warning-for-holder-mismatch-from-export_rdev.patch
(git-fixes CVE-2023-53791 bsc#1254742).
- Update
patches.suse/md-raid5-cache-fix-a-deadlock-in-r5l_exit_log-a705.patch
(jsc#PED-7542 CVE-2023-53848 bsc#1254753).
- Update
patches.suse/media-af9005-Fix-null-ptr-deref-in-af9005_i2c_xfer.patch
(git-fixes CVE-2023-54314 bsc#1255776).
- Update
patches.suse/media-anysee-fix-null-ptr-deref-in-anysee_master_xfe.patch
(git-fixes CVE-2023-54093 bsc#1256273).
- Update
patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch
(git-fixes CVE-2023-54266 bsc#1255875).
- Update
patches.suse/media-dvb-usb-v2-gl861-Fix-null-ptr-deref-in-gl861_i.patch
(git-fixes CVE-2023-54066 bsc#1256373).
- Update
patches.suse/media-imon-make-send_packet-more-robust.patch
(stable-fixes CVE-2025-68194 bsc#1255325).
- Update
patches.suse/media-mediatek-vcodec-fix-resource-leaks-in-vdec_msg.patch
(git-fixes CVE-2023-54143 bsc#1256096).
- Update
patches.suse/media-tuners-qt1010-replace-BUG_ON-with-a-regular-er.patch
(git-fixes CVE-2023-54282 bsc#1255810).
- Update
patches.suse/media-v4l2-core-Fix-a-potential-resource-leak-in-v4l.patch
(git-fixes CVE-2023-54183 bsc#1255990).
- Update
patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch
(git-fixes CVE-2025-68252 bsc#1255197).
- Update
patches.suse/misc-pci_endpoint_test-Free-IRQs-before-removin.patch
(bsc#1012628 CVE-2023-54326 bsc#1255758).
- Update
patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch
(git-fixes CVE-2025-40272 bsc#1254832).
- Update
patches.suse/mmc-sunplus-fix-return-value-check-of-mmc_add_.patch
(bsc#1012628 CVE-2023-54204 bsc#1255967).
- Update
patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch
(git-fixes CVE-2025-40223 bsc#1254957).
- Update
patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch
(git-fixes CVE-2025-68290 bsc#1255154).
- Update
patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch
(git-fixes CVE-2025-68249 bsc#1255233).
- Update
patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch
(git-fixes CVE-2025-68765 bsc#1255931).
- Update
patches.suse/mt76-mt7921-don-t-assume-adequate-headroom-for-SDIO-.patch
(git-fixes CVE-2023-53785 bsc#1254918).
- Update
patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch
(git-fixes CVE-2025-68238 bsc#1255202).
- Update
patches.suse/mtd-rawnand-fsl_upm-Fix-an-off-by-one-test-in-.patch
(bsc#1012628 CVE-2023-54104 bsc#1256145).
- Update
patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch
(git-fixes CVE-2025-68237 bsc#1255203).
- Update
patches.suse/net-core-remove-unnecessary-frame_sz-check-in-.patch
(bsc#1012628 CVE-2023-54155 bsc#1256083).
- Update
patches.suse/net-deal-with-integer-overflows-in-kmalloc_reserve.patch
(bsc#1215146 CVE-2023-42752 CVE-2023-53752 bsc#1254613).
- Update
patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_.patch
(bsc#1012628 CVE-2023-54051 bsc#1256394).
- Update
patches.suse/net-dsa-avoid-suspicious-RCU-usage-for-synced-V.patch
(bsc#1012628 CVE-2023-54149 bsc#1256085).
- Update
patches.suse/net-dsa-ocelot-call-dsa_tag_8021q_unregister-u.patch
(bsc#1012628 CVE-2023-53855 bsc#1254688).
- Update
patches.suse/net-ethernet-mtk_eth_soc-fix-possible-NULL-pointer-d.patch
(git-fixes CVE-2023-54240 bsc#1255918).
- Update
patches.suse/net-hns3-fix-deadlock-issue-when-externel_lb-a.patch
(bsc#1012628 CVE-2023-54000 bsc#1255564).
- Update
patches.suse/net-ipa-only-reset-hashed-tables-when-supported.patch
(bsc#1012628 CVE-2023-54225 bsc#1256234).
- Update
patches.suse/net-ipv4-fix-one-memleak-in-__inet_del_ifa.patch
(bsc#1220419 CVE-2023-53995 bsc#1255616).
- Update
patches.suse/net-mlx5-fix-potential-memory-leak-in-mlx5e_in.patch
(bsc#1012628 CVE-2023-54106 bsc#1256358).
- Update
patches.suse/net-mlx5e-Move-representor-neigh-cleanup-to-pr.patch
(bsc#1012628 CVE-2023-54148 bsc#1256084).
- Update
patches.suse/net-mlx5e-TC-Fix-internal-port-memory-leak.patch
(bsc#1012628 CVE-2023-53999 bsc#1255621).
- Update
patches.suse/net-mlx5e-fix-memory-leak-in-mlx5e_ptp_open.patch
(bsc#1012628 CVE-2023-54169 bsc#1256050).
- Update
patches.suse/net-mlx5e-xsk-Fix-invalid-buffer-access-for-le.patch
(bsc#1012628 CVE-2023-54223 bsc#1256233).
- Update
patches.suse/net-openvswitch-reject-negative-ifindex.patch
(bsc#1012628 CVE-2023-53843 bsc#1254705).
- Update
patches.suse/net-prevent-skb-corruption-on-frag-list-segment.patch
(bsc#1012628 CVE-2023-54094 bsc#1256292).
- Update
patches.suse/net-read-sk-sk_family-once-in-sk_mc_loop.patch
(bsc#1220419 CVE-2023-53831 bsc#1254701).
- Update
patches.suse/net-sched-taprio-Limit-TCA_TAPRIO_ATTR_SCHED_C.patch
(bsc#1012628 CVE-2023-54251 bsc#1255888).
- Update
patches.suse/net-smc-use-smc_lgr_list.lock-to-protect-smc_lgr_lis.patch
(git-fixes CVE-2023-54318 bsc#1255772).
- Update
patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch
(git-fixes CVE-2025-68192 bsc#1255246).
- Update
patches.suse/netfilter-nf_tables-fix-underflow-in-chain-refe.patch
(bsc#1012628 CVE-2023-54035 bsc#1255563).
- Update
patches.suse/netlink-do-not-hard-code-device-address-lenth-i.patch
(bsc#1012628 CVE-2023-53863 bsc#1254657).
- Update
patches.suse/nfp-clean-mc-addresses-in-application-firmware-.patch
(bsc#1012628 CVE-2023-54133 bsc#1256104).
- Update
patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch
(git-fixes CVE-2025-68185 bsc#1255135).
- Update
patches.suse/nfsd-move-init-of-percpu-reply_cache_stats-coun.patch
(bsc#1012628 CVE-2023-54276 bsc#1255907).
- Update
patches.suse/nilfs2-fix-WARNING-in-mark_buffer_dirty-due-to.patch
(bsc#1012628 CVE-2023-54140 bsc#1256093).
- Update
patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch
(git-fixes CVE-2025-68235 bsc#1255209).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_ctrl_secret.patch
(bsc#1012628 CVE-2023-53792 bsc#1254743).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_secret_stor.patch
(bsc#1012628 CVE-2023-53852 bsc#1254653).
- Update
patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch
(bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274).
- Update
patches.suse/nvme-multipath-fix-lockdep-WARN-due-to-partition-sca.patch
(git-fixes bsc#1233640 CVE-2024-53093 CVE-2025-68218
bsc#1255245).
- Update
patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch
(bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276).
- Update
patches.suse/of-overlay-Call-of_changeset_init-early.patch
(git-fixes CVE-2023-53856 bsc#1254661).
- Update
patches.suse/of-unittest-fix-null-pointer-dereferencing-in-of_uni.patch
(git-fixes CVE-2023-54178 bsc#1255992).
- Update
patches.suse/opp-Fix-use-after-free-in-lazy_opp_tables-after.patch
(bsc#1012628 CVE-2023-54026 bsc#1255549).
- Update
patches.suse/orangefs-fix-xattr-related-buffer-overflow.patch
(git-fixes CVE-2025-40306 bsc#1255062).
- Update
patches.suse/ovl-fix-null-pointer-dereference-in-ovl_get_acl.patch
(bsc#1012628 CVE-2023-54313 bsc#1255775).
- Update
patches.suse/pcmcia-rsrc_nonstatic-Fix-memory-leak-in-nonst.patch
(bsc#1012628 CVE-2023-54115 bsc#1256121).
- Update patches.suse/perf-tool-x86-Fix-perf_env-memory-leak.patch
(bsc#1012628 CVE-2023-53793 bsc#1254739).
- Update
patches.suse/phy-tegra-xusb-Clear-the-driver-reference-in-us.patch
(bsc#1012628 CVE-2023-54083 bsc#1256368).
- Update
patches.suse/pinctrl-at91-pio4-check-return-value-of-devm_ka.patch
(bsc#1012628 CVE-2023-54319 bsc#1255760).
- Update
patches.suse/pinctrl-freescale-Fix-a-memory-out-of-bounds-wh.patch
(bsc#1012628 CVE-2023-53750 bsc#1254611).
- Update
patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch
(git-fixes CVE-2025-68222 bsc#1255218).
- Update
patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch
(git-fixes CVE-2025-68303 bsc#1255122).
- Update
patches.suse/posix-timers-Prevent-RT-livelock-in-itimer_dele.patch
(bsc#1012628 CVE-2023-53815 bsc#1254715).
- Update patches.suse/powerpc-64s-Fix-VAS-mm-use-after-free.patch
(bsc#1012628 CVE-2023-54042 bsc#1255702).
- Update
patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch
(bsc#1065729 CVE-2023-54095 bsc#1256271).
- Update
patches.suse/powerpc-powernv-sriov-perform-null-check-on-iov.patch
(bsc#1012628 CVE-2023-54315 bsc#1255769).
- Update
patches.suse/powerpc-pseries-Rework-lppaca_shared_proc-to-avoid-D.patch
(bsc#1194869 CVE-2023-54267 bsc#1255899).
- Update
patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch
(bsc#1194869 CVE-2023-54017 bsc#1255605).
- Update patches.suse/pstore-ram-Add-check-for-kstrdup.patch
(bsc#1012628 CVE-2023-54189 bsc#1255978).
- Update patches.suse/quota-fix-warning-in-dqgrab.patch
(bsc#1012628 CVE-2023-54177 bsc#1255993).
- Update patches.suse/rcu-dump-vmalloc-memory-info-safely.patch
(git-fixes CVE-2023-54113 bsc#1256351).
- Update
patches.suse/rcuscale-Move-rcu_scale_writer-schedule_timeout_unin.patch
(git-fixes CVE-2023-54246 bsc#1255915).
- Update
patches.suse/refscale-Fix-uninitalized-use-of-wait_queue_head_t.patch
(git-fixes CVE-2023-54316 bsc#1255770).
- Update
patches.suse/regmap-irq-Fix-out-of-bounds-access-when-alloca.patch
(bsc#1012628 CVE-2023-53768 bsc#1254599).
- Update
patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch
(git-fixes CVE-2025-40317 bsc#1254796).
- Update
patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch
(git-fixes CVE-2025-68354 bsc#1255553).
- Update
patches.suse/regulator-da9063-fix-null-pointer-deref-with-pa.patch
(bsc#1012628 CVE-2023-53787 bsc#1254750).
- Update patches.suse/rpmsg-glink-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-54049 bsc#1256396).
- Update
patches.suse/s390-dcssblk-fix-kernel-crash-with-list_add-corruption.patch
(git-fixes bsc#1215344 CVE-2023-54117 bsc#1256348).
- Update
patches.suse/s390-vmem-split-pages-when-debug-pagealloc-is-.patch
(bsc#1012628 CVE-2023-54278 bsc#1255911).
- Update
patches.suse/samples-bpf-Fix-buffer-overflow-in-tcp_basertt.patch
(bsc#1012628 CVE-2023-54312 bsc#1255774).
- Update
patches.suse/sched-psi-use-kernfs-polling-functions-for-PSI-.patch
(bsc#1012628 CVE-2023-54019 bsc#1255636).
- Update
patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handlin.patch
(bsc#1012628 CVE-2023-54289 bsc#1255806).
- Update
patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch
(bsc#1012628 CVE-2023-54179 bsc#1255994).
- Update
patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_b.patch
(bsc#1012628 CVE-2023-54014 bsc#1256300).
- Update
patches.suse/scsi-target-core-Fix-target_cmd_counter-leak.patch
(bsc#1214847 CVE-2023-54154 bsc#1256082).
- Update
patches.suse/serial-8250-Fix-oops-for-port-pm-on-uart_chang.patch
(bsc#1012628 CVE-2023-54220 bsc#1255949).
- Update patches.suse/serial-sprd-Fix-DMA-buffer-leak-issue.patch
(git-fixes CVE-2023-54136 bsc#1256099).
- Update
patches.suse/sfc-fix-crash-when-reading-stats-while-NIC-is-r.patch
(bsc#1012628 CVE-2023-54156 bsc#1255704).
- Update
patches.suse/sh-dma-Fix-DMA-channel-offset-calculation.patch
(bsc#1012628 CVE-2023-54255 bsc#1255884).
- Update patches.suse/smb-client-fix-missed-ses-refcounting.patch
(bsc#1012628 CVE-2023-54076 bsc#1256335).
- Update
patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch
(bsc#1248886 CVE-2025-40320 bsc#1254793).
- Update patches.suse/soundwire-fix-enumeration-completion.patch
(bsc#1012628 CVE-2023-54096 bsc#1256178).
- Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch
(bsc#1253155 CVE-2025-68746 bsc#1255722).
- Update
patches.suse/staging-r8712-Fix-memory-leak-in-_r8712_init_xm.patch
(bsc#1012628 CVE-2023-54001 bsc#1255628).
- Update
patches.suse/thermal-of-fix-double-free-on-unregistration.patch
(bsc#1012628 CVE-2023-53997 bsc#1255632).
- Update
patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-.patch
(bsc#1012628 CVE-2023-54309 bsc#1255780).
- Update
patches.suse/tracing-Fix-memory-leak-of-iter-temp-when-readi.patch
(bsc#1012628 CVE-2023-54171 bsc#1256034).
- Update
patches.suse/tracing-Fix-warning-in-trace_buffered_event_dis.patch
(bsc#1012628 CVE-2023-54211 bsc#1255843).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c.patch
(bsc#1012628 CVE-2023-53858 bsc#1254704).
- Update
patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch
(stable-fixes CVE-2025-40314 bsc#1255072).
- Update
patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch
(git-fixes CVE-2025-68287 bsc#1255152).
- Update
patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch
(git-fixes CVE-2025-68289 bsc#1255155).
- Update
patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch
(stable-fixes CVE-2025-40315 bsc#1255083).
- Update
patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch
(stable-fixes CVE-2025-68750 bsc#1255814).
- Update
patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_.patch
(bsc#1012628 CVE-2023-53847 bsc#1254698).
- Update
patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch
(stable-fixes CVE-2025-40345 bsc#1255279).
- Update
patches.suse/usb-typec-bus-verify-partner-exists-in-typec_altmode.patch
(git-fixes CVE-2023-54299 bsc#1255789).
- Update
patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch
(git-fixes CVE-2025-68331 bsc#1255495).
- Update patches.suse/usbnet-Prevents-free-active-kevent.patch
(git-fixes CVE-2025-68312 bsc#1255171).
- Update
patches.suse/vdpa-Add-queue-index-attr-to-vdpa_nl_policy-fo.patch
(bsc#1012628 CVE-2023-54031 bsc#1255583).
- Update patches.suse/vduse-fix-NULL-pointer-dereference.patch
(bsc#1012628 CVE-2023-54291 bsc#1255798).
- Update
patches.suse/vfio-type1-fix-cap_migration-information-leak
(jsc#PED-7779 jsc#PED-7780 CVE-2023-54137 bsc#1256100).
- Update
patches.suse/virtio-vdpa-Fix-cpumask-memory-leak-in-virtio_.patch
(bsc#1012628 CVE-2023-54215 bsc#1255957).
- Update
patches.suse/virtio_pmem-add-the-missing-REQ_OP_WRITE-for-flush-b.patch
(git-fixes CVE-2023-54089 bsc#1256268).
- Update
patches.suse/virtio_vdpa-build-affinity-masks-conditionally.patch
(git-fixes CVE-2023-54008 bsc#1255630).
- Update
patches.suse/wifi-ath11k-Add-missing-hw_ops-get_ring_selecto.patch
(bsc#1012628 CVE-2023-54141 bsc#1256094).
- Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch
(git-fixes CVE-2025-68380 bsc#1255580).
- Update
patches.suse/wifi-ath11k-fix-registration-of-6Ghz-only-phy-w.patch
(bsc#1012628 CVE-2023-54229 bsc#1255924).
- Update
patches.suse/wifi-ath12k-Fix-memory-leak-in-rx_desc-and-tx_desc.patch
(git-fixes CVE-2023-54016 bsc#1256279).
- Update
patches.suse/wifi-ath9k-avoid-referencing-uninit-memory-in-a.patch
(bsc#1012628 CVE-2023-54300 bsc#1255790).
- Update
patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch
(git-fixes CVE-2025-40321 bsc#1254795).
- Update
patches.suse/wifi-cfg80211-ocb-don-t-leave-if-not-joined.patch
(git-fixes CVE-2023-53992 bsc#1256058).
- Update
patches.suse/wifi-mt76-mt7921-fix-skb-leak-by-txs-missing-i.patch
(bsc#1012628 CVE-2023-54052 bsc#1256387).
- Update
patches.suse/wifi-mwifiex-fix-memory-leak-in-mwifiex_histogram_re.patch
(git-fixes CVE-2023-53808 bsc#1254723).
- Update
patches.suse/wifi-rsi-Do-not-configure-WoWlan-in-shutdown-ho.patch
(bsc#1012628 CVE-2023-54025 bsc#1255558).
- Update
patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch
(git-fixes CVE-2025-68759 bsc#1255934).
- Update
patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch
(git-fixes CVE-2025-68362 bsc#1255611).
- Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch
(git-fixes CVE-2025-68313 bsc#1255415).
- Update
patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_microco.patch
(git-fixes CVE-2025-68195 bsc#1255259).
- Update
patches.suse/x86-hyperv-Disable-IBT-when-hypercall-page-lac.patch
(bsc#1012628 CVE-2023-54172 bsc#1256033).
- Update
patches.suse/x86-sev-Make-enc_dec_hypercall-accept-a-size-instead-of-npages
(bsc#1214635 CVE-2023-53996 bsc#1255618).
- Update patches.suse/xen-speed-up-grant-table-reclaim.patch
(bsc#1012628 CVE-2023-54081 bsc#1256361).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- commit c2db288
- Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch
(CVE-2025-40287 bsc#1255030 CVE-2025-68351 bsc#1255567).
- Update
patches.suse/net-enetc-fix-the-deadlock-of-enetc_mdio_lock.patch
(CVE-2025-40337 bsc#1255081 CVE-2025-40347 bsc#1255262).
- commit 8022326
- docs: ABI: sysfs-devices-soc: Fix swapped sample values
(git-fixes).
- commit 208252e
- gpio: rockchip: mark the GPIO controller as sleeping
(git-fixes).
- drm/pl111: Fix error handling in pl111_amba_probe (git-fixes).
- crypto: qat - fix duplicate restarting msg during AER error
(git-fixes).
- commit db7c5b1
- cifs: client: fix memory leak in smb3_fs_context_parse_param
(bsc#1255082, CVE-2025-40268).
- commit 1547549
- ext4: wait for ongoing I/O to complete before freeing blocks
(bsc#1256366).
- commit 73f54be
- selftests/bpf: Add test to verify freeing the special fields
in pcpu maps (CVE-2025-68744 bsc#1255709).
- commit 7a07150
- bpf: Free special fields when update [lru_,]percpu_hash maps
(CVE-2025-68744 bsc#1255709).
- commit 5246440
- pmdomain: arm: scmi: Fix genpd leak on provider registration
failure (CVE-2025-68204 bsc#1255224).
- commit 51ed7f6
- drm/amd/display: Fix scratch registers offsets for DCN351
(stable-fixes).
- drm/amd/display: Fix scratch registers offsets for DCN35
(stable-fixes).
- Revert "drm/amd/display: Fix pbn to kbps Conversion"
(stable-fixes).
- drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes).
- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace
(stable-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
(stable-fixes).
- drm/amdkfd: Trap handler support for expert scheduling mode
(stable-fixes).
- clk: samsung: exynos-clkout: Assign .num before accessing .hws
(git-fixes).
- fbdev: gbefb: fix to use physical address instead of dma address
(stable-fixes).
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/displayid: add quirk to ignore DisplayID checksum errors
(stable-fixes).
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct
drm_edid_ident (stable-fixes).
- drm/displayid: pass iter to drm_find_displayid_extension()
(stable-fixes).
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING
after CLC load (stable-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840
tablet (stable-fixes).
- wifi: cfg80211: stop radar detection in cfg80211_leave()
(stable-fixes).
- wifi: cfg80211: use cfg80211_leave() in iftype change
(stable-fixes).
- cpufreq: nforce2: fix reference count leak in nforce2
(git-fixes).
- drm/panthor: Flush shmem writes before mapping buffers
CPU-uncached (git-fixes).
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume
(stable-fixes).
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier
before suspend (stable-fixes).
- commit 0bebe20
- wifi: mac80211: restore non-chanctx injection behaviour
(git-fixes).
- pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
(git-fixes).
- wifi: avoid kernel-infoleak from struct iw_point (git-fixes).
- atm: Fix dma_free_coherent() size (git-fixes).
- net: usb: pegasus: fix memory leak in update_eth_regs_async()
(git-fixes).
- net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
(git-fixes).
- HID: quirks: work around VID/PID conflict for appledisplay
(git-fixes).
- ASoC: sun4i-spdif: Add missing kerneldoc fields for
sun4i_spdif_quirks (git-fixes).
- ALSA: ac97: fix a double free in snd_ac97_controller_register()
(git-fixes).
- commit 31818ae
- binfmt_misc: restore write access before closing files opened
by open_exec() (bsc#1255272 CVE-2025-68239).
- commit 40d7043
- fs/proc: fix uaf in proc_readdir_de() (bsc#1255297
CVE-2025-40271).
- commit e033d9a
- ext4: refresh inline data size before write operations
(bsc#1255380 CVE-2025-68264).
- commit eb0de51
- ext4: guard against EA inode refcount underflow in xattr update
(bsc#1253623 CVE-2025-40190).
- commit 7ad9fff
- net/smc: fix general protection fault in __smc_diag_dump
(CVE-2025-40357 bsc#1255097).
- commit c2a771e
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is
replaced (CVE-2025-68259 bsc#1255199).
- commit bca135e
- arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318)
- commit 24256b7
- net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121)
- commit c49170e
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak (CVE-2025-40278 bsc#1254825).
- commit 34ab5ba
- bpf: Fix stackmap overflow check in __bpf_get_stackid()
(CVE-2025-68378 bsc#1255614).
- commit f957faa
- bpf: Refactor stack map trace depth calculation into helper
function (CVE-2025-68378 bsc#1255614).
- commit 89dceec
- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
(bsc#1255463).
- Refresh
patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch.
- commit f3639f0
- iommufd: Don't overflow during division for dirty tracking
(CVE-2025-40293 bsc#1255179).
- commit 8fb40bc
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
(CVE-2025-40251 bsc#1254856).
- commit 07d80e9
- mptcp: fix race condition in mptcp_schedule_work()
(CVE-2025-40258 bsc#1254843).
- commit 664f157
- team: Move team device type change at the end of team_port_add
(CVE-2025-68340 bsc#1255507).
- net/mlx5: Clean up only new IRQ glue on request_irq() failure
(CVE-2025-40250 bsc#1254854).
- net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849).
- net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40337
bsc#1255081).
- net: stmmac: Correctly handle Rx checksum offload errors
(CVE-2025-40337 bsc#1255081).
- commit 3ae940f
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq
IE parsing (CVE-2025-68255 bsc#1255395).
- commit d962eb4
- ASoC: Intel: avs: Do not share the name pointer between
components (CVE-2025-40338 bsc#1255273).
- commit 968173c
- drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
(CVE-2025-40289 bsc#1255042).
- commit ff414f2
- net: sched: act_connmark: initialize struct tc_ife to fix
kernel leak (CVE-2025-40279 bsc#1254846).
- commit 9f73fa4
- serial: core: Fix serial device initialization (git-fixes).
- commit 024b264
- drm/imagination: Disallow exporting of PM/FW protected objects
(git-fixes).
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in
ACPI package parsing (git-fixes).
- serial: core: Restore sysfs fwnode information (git-fixes).
- ASoC: ak4458: remove the reset operation in probe and remove
(git-fixes).
- drm/xe: Use usleep_range for accurate long-running workload
timeslicing (git-fixes).
- drm/xe: Drop preempt-fences when destroying imported dma-bufs
(git-fixes).
- drm/xe/oa: Disallow 0 OA property values (git-fixes).
- drm/xe: Adjust long-running workload timeslices to reasonable
values (git-fixes).
- drm/xe/oa: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Restore engine registers before restarting schedulers
after GT reset (git-fixes).
- drm/xe/bo: Don't include the CCS metadata in the dma-buf
sg-table (git-fixes).
- drm/me/gsc: mei interrupt top half should be in irq disabled
context (git-fixes).
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes).
- wifi: ath10k: move recovery check logic into a new work
(git-fixes).
- r8169: set EEE speed down ratio to 1 (stable-fixes).
- wifi: ath10k: Add missing include of export.h (stable-fixes).
- wifi: ath10k: Avoid vdev delete timeout when firmware is
already down (stable-fixes).
- commit bbba4ae
- usb: phy: isp1301: fix non-OF device reference imbalance
(git-fixes).
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path
(git-fixes).
- commit 4724dd4
- platform/x86: ibm_rtl: fix EBDA signature search pointer
arithmetic (git-fixes).
- platform/x86: msi-laptop: add missing sysfs_remove_group()
(git-fixes).
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from
event names (git-fixes).
- wifi: mac80211: do not use old MBSSID elements (git-fixes).
- wifi: cfg80211: sme: store capped length in
__cfg80211_connect_result() (git-fixes).
- wifi: rtlwifi: 8192cu: fix tid out of range in
rtl92cu_tx_fill_desc() (git-fixes).
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS
(git-fixes).
- smc91x: fix broken irq-context in PREEMPT_RT (git-fixes).
- usb: dwc3: of-simple: fix clock resource leak in
dwc3_of_simple_probe (git-fixes).
- USB: lpc32xx_udc: Fix error handling in probe (git-fixes).
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
(git-fixes).
- usb: dwc3: keep susphy enabled during exit to avoid controller
faults (git-fixes).
- spi: fsl-cpm: Check length parity before switching to 16 bit
mode (git-fixes).
- PM: runtime: Do not clear needs_force_resume with enabled
runtime PM (git-fixes).
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
(git-fixes).
- commit 29120de
- sctp: avoid NULL dereference when chunk data buffer is missing
(CVE-2025-40240 bsc#1254869).
- commit 7732dc5
- net: rose: fix invalid array index in rose_kill_by_device()
(git-fixes).
- net: usb: sr9700: fix incorrect command used to write single
register (git-fixes).
- net: nfc: fix deadlock between nfc_unregister_device and
rfkill_fop_write (git-fixes).
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
(git-fixes).
- net: mdio: aspeed: add dummy read to avoid read-after-write
issue (git-fixes).
- Input: ti_am335x_tsc - fix off-by-one error in wire_order
validation (git-fixes).
- Input: atkbd - skip deactivate for HONOR FMB-P's internal
keyboard (git-fixes).
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to
Kconfig (git-fixes).
- commit 0ed2427
- drm/i915/gem: Zero-initialize the eb.vma array in
i915_gem_do_execbuffer (git-fixes).
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state()
in prepare_fb (git-fixes).
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
(git-fixes).
- idr: fix idr_alloc() returning an ID out of range (git-fixes).
- genalloc.h: fix htmldocs warning (git-fixes).
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
(git-fixes).
- firewire: nosy: Fix dma_free_coherent() size (git-fixes).
- drm/msm/dpu: Add missing NULL pointer check for pingpong
interface (git-fixes).
- ALSA: usb-mixer: us16x08: validate meter packet indices
(git-fixes).
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
(git-fixes).
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
(git-fixes).
- hwmon: (tmp401) fix overflow caused by default conversion rate
value (git-fixes).
- hwmon: (ibmpex) fix use-after-free in high/low store
(git-fixes).
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first
(git-fixes).
- ACPI: PCC: Fix race condition by removing static qualifier
(git-fixes).
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf
(git-fixes).
- can: j1939: make j1939_sk_bind() fail if device is no longer
registered (git-fixes).
- can: gs_usb: gs_can_open(): fix error handling (git-fixes).
- broadcom: b44: prevent uninitialized value usage (git-fixes).
- commit bf82bcb
- exfat: validate cluster allocation bits of the allocation bitmap
(CVE-2025-40307 bsc#1255039).
- commit 61971f7
- exfat: using hweight instead of internal logic (git-fixes).
- commit 18b7ccc
- powerpc/kexec: Enable SMT before waking offline CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496).
- commit 8505ec5
- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()
(git-fixes).
- commit 784298a
- Branch maintainers was auto-merged from SLE15-SP6-LTSS.
Restore to SP7 maintainers per ML discussion at:
https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00127.html
https://mailman.suse.de/mlarch/SuSE/kernel/2025/kernel.2025.12/msg00134.html
- commit ca6d40d
- tracing: Fix race condition in kprobe initialization causing
NULL pointer dereference (CVE-2025-40042 bsc#1252861).
- commit 8186e85
- README.BRANCH: SLE15-SP6 became LTSS, update maintainers
- commit f86184e
- cpuidle: menu: Use residency threshold in polling state override
decisions (bsc#1255026).
- commit f6f2d0f
- fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025).
- commit c5ce147
- selftests/bpf: Add test case for different expected_attach_type
(CVE-2025-40123 bsc#1253365).
- commit a20378c
- kABI workaround for bpf: Enforce expected_attach_type for
tailcall compatibility (CVE-2025-40123 bsc#1253365).
- commit b3b5837
- bpf: Enforce expected_attach_type for tailcall compatibility
(CVE-2025-40123 bsc#1253365).
Refresh patches.kabi/bpf-struct-bpf_map-workaround.patch.
- commit 4229239
- exfat: fix refcount leak in exfat_find (CVE-2025-40287
bsc#1255030).
- commit 8d74fe6
- exfat: fix improper check of dentry.stream.valid_size
(CVE-2025-40287 bsc#1255030).
- commit 6d6e321
- exfat: add a check for invalid data size (git-fixes).
- commit 2af7089
- selftests/bpf: Test widen_imprecise_scalars() with different
stack depth (CVE-2025-68208 bsc#1255227).
- commit 7bc82c5
- bpf: account for current allocated stack depth in
widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227).
- commit 59eb6d6
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit c371711
- selftests/bpf: Skip timer cases when bpf_timer is not supported
(git-fixes).
- commit c865cf8
- bpf: Reject bpf_timer for PREEMPT_RT (git-fixes).
- commit 4c49578
- bpf: Sync pending IRQ work before freeing ring buffer
(CVE-2025-40319 bsc#1254794).
- commit d39f398
- netfilter: nft_ct: add seqadj extension for natted connections
(CVE-2025-68206 bsc#1255142).
- commit 85cf637
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit a261090
- net: bridge: fix use-after-free due to MST port state bypass
(CVE-2025-40297 bsc#1255187).
- commit 551613c
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit 2e6aaae
- net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170
bsc#1253413).
- commit 23ba11d
- ipv6: use RCU in ip6_output() (CVE-2025-40158 bsc#1253402).
- ipv6: use RCU in ip6_xmit() (CVE-2025-40135 bsc#1253342).
- commit e13927d
- tipc: Fix use-after-free in tipc_mon_reinit_self()
(CVE-2025-40280 bsc#1254847).
- commit 293c735
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated
(bsc#1255434).
- bpf: Do not limit bpf_cgroup_from_id to current's namespace
(bsc#1255433).
- commit 7622dcb
- virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292).
- commit 640f7af
- vsock: Ignore signal/timeout on connect() if already established
(CVE-2025-40248, bsc#1254864).
- commit 76e0cd6
- vsock: fix lock inversion in vsock_assign_transport()
(CVE-2025-40231, bsc#1254815).
- commit f20ceef
- xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160,
bsc#1253400).
- commit a401c8b
- xen/events: Cleanup find_virq() return codes (CVE-2025-40160,
bsc#1253400).
- commit 3a48f4b
- selftests: net: use slowwait to make sure IPv6 setup finished
(bsc#1255349).
- commit cdeb065
- selftests/net: convert test_vxlan_vnifiltering.sh to run it
in unique namespace (bsc#1255349).
- commit f6295a1
- selftests: net: use slowwait to stabilize vrf_route_leaking test
(bsc#1255349).
- commit 797f508
- selftests/net: convert vrf_route_leaking.sh to run it in unique
namespace (bsc#1255349).
- Refresh
patches.suse/selftests-net-add-helper-for-checking-if-nettest-is-availa.patch.
- commit c9d3564
- selftests: vrf_route_leaking: remove ipv6_ping_frag from
default testing (bsc#1255349).
- commit d1d9fe4
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit ae22a6c
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit 13f0f1f
- selftests: net: fib-onlink-tests: Set high metric for default
IPv6 route (bsc#1255346).
- commit 3e93e72
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 63a872c
- KVM: guest_memfd: Remove bindings on memslot deletion when
gmem is dying (CVE-2025-40274, bsc#1254830).
- commit 539aace
- selftests: net: Remove executable bits from library scripts
(bsc#1254235).
- commit 0623efd
- selftests: net: included needed helper in the install targets
(bsc#1254235).
- Refresh
patches.suse/selftests-net-List-helper-scripts-in-TEST_FILES-Makefile-v.patch.
- Refresh patches.suse/selftests-net-include-forwarding-lib.patch.
- commit 7e2ef77
- tick/sched: Limit non-timekeeper CPUs calling jiffies update
(bsc#1254477).
- commit f152ff3
- selftests: net: veth: test the ability to independently
manipulate GRO and XDP (bsc#1255101).
- commit 0c521f2
- selftests: net: more strict check in net_helper (bsc#1254235).
- selftests: net: explicitly wait for listener ready
(bsc#1254235).
Refresh
patches.suse/selftests-net-cut-more-slack-for-gro-fwd-tests.patch.
- selftests/net: synchronize udpgro tests' tx and rx connection
(bsc#1254235).
- commit ea56d4f
- selftests/net: calibrate txtimestamp (bsc#1255085).
- commit 4e81333
- netdevsim: print human readable IP address (bsc#1255071).
- commit db8e48c
- selftests: dsa: Replace test symlinks by wrapper script
(bsc#1254235).
- selftests: team: Add shared library scripts to TEST_INCLUDES
(bsc#1254235).
- selftests: bonding: Add net/forwarding/lib.sh to TEST_INCLUDES
(bsc#1254235).
- selftests: Introduce Makefile variable to list shared bash
scripts (bsc#1254235).
- commit 5bb066d
- selftests/net: convert fib_tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_rule_tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib-onlink-tests.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthops.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_nongw.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert fib_nexthop_multiprefix to run it in
unique namespace (bsc#1254235).
- selftests/net: convert fcnal-test.sh to run it in unique
namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt6_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt4_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- selftests/net: convert srv6_end_dt46_l3vpn_test.sh to run it
in unique namespace (bsc#1254235).
- commit 3c3968b
- Move upstreamed ath12k patch into sorted section
- commit fa80682
- Move upstreamed SCSI patches into sorted section
- commit 8ea340d
- futex: Prevent use-after-free during requeue-PI (CVE-2025-39977
bsc#1252046).
- commit 3062182
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE
(git-fixes).
- commit 808d009
- bnxt_en: Shutdown FW DMA in bnxt_shutdown() (CVE-2025-40330
bsc#1254616).
- commit 3e35ca9
- usb: typec: ucsi: psy: Set max current to zero when disconnected
(git-fixes).
- commit de6f0cd
- USB: serial: option: add Telit FN920C04 ECM compositions
(stable-fixes).
- USB: serial: option: add Quectel RG255C (stable-fixes).
- USB: serial: option: add UNISOC UIS7720 (stable-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: chipidea: udc: limit usb request length to max 16KB
(stable-fixes).
- commit 15d4d36
- usb: raw-gadget: do not limit transfer length (git-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices
(git-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: udc: Add trace event for usb_gadget_set_state
(stable-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind
(git-fixes).
- commit c4f787c
- Correct USB typec tcpm patches
In upstream backports, changes were applied to wrong places (sink
instead of source). In the stable upstream, it was corrected in a
commit d967f6ae3149, but we fold the corrections in each patch,
instead.
Refreshed:
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
patches.suse/usb-typec-tcpm-unregister-existing-source-caps-befor.patch
- commit 55aaa8f
- x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes).
- commit 4dc2ee9
- drm/tilcdc: Fix removal actions in case of failed probe
(git-fixes).
- drm/nouveau: refactor deprecated strcpy (git-fixes).
- drm/plane: Fix IS_ERR() vs NULL check in
drm_plane_create_hotspot_properties() (git-fixes).
- drm/i915: Fix format string truncation warning (git-fixes).
- drm/amdkfd: Use huge page size to check split svm range
alignment (git-fixes).
- commit 9d1b9c7
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
(git-fixes).
- drm/mgag200: Fix big-endian support (git-fixes).
- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).
- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).
- rtc: gamecube: Check the return value of ioremap() (git-fixes).
- commit 4a0695a
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure() (git-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- drm/amdkfd: Fix GPU mappings for APU after prefetch
(stable-fixes).
- commit e28addd
- ASoC: codecs: wcd938x: fix OF node leaks on probe failure
(git-fixes).
- ASoC: ak5558: Disable regulator when error happens (git-fixes).
- ASoC: ak4458: Disable regulator when error happens (git-fixes).
- ALSA: firewire-motu: add bounds check in put_user loop for
DSP events (git-fixes).
- ALSA: uapi: Fix typo in asound.h comment (git-fixes).
- ALSA: firewire-motu: fix buffer overflow in hwdep read for
DSP events (git-fixes).
- ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_hda_read_acpi() (git-fixes).
- commit 203c44f
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
(bsc#1253458 CVE-2025-40167).
- commit 18e6218
- ext4: align max orphan file size with e2fsprogs limit
(bsc#1253442 CVE-2025-40179).
- commit 7ae82ce
- ext4: free orphan info with kvfree (bsc#1253442 CVE-2025-40179).
- commit a10c019
- ext4: verify orphan file size is not too big (bsc#1253442
CVE-2025-40179).
- commit 6c1724d
- Revert "ipmi: fix msg stack when IPMI is disconnected" (bsc#1253622 CVE-2025-40192)
- commit 33bdbac
- kABI workaround for mgmt_cp_set_mesh struct change (git-fixes).
- commit 7de6f1d
- Bluetooth: MGMT: fix crash in set_mesh_sync and
set_mesh_complete (git-fixes).
- Refresh patches.kabi/hci_dev-centralize-extra-lock.patch.
- commit 9117a6d
- kABI workaround for hci_conn remote_id removal (git-fixes).
- commit 1f82cb9
- Bluetooth: btusb: mediatek: Fix kernel crash when releasing
mtk iso interface (git-fixes).
- Refresh
patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch.
- commit 868a054
- kABI workaround for HCI_LE_ADV_0 addition (git-fixes).
- commit 90a4a45
- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00
(git-fixes).
- commit 02e48bb
- cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL
writes (git-fixes).
- commit 8914d15
- Refresh
patches.kabi/devlink_hide_adding_u64_to_devlink_param_types.patch.
- Refresh
patches.suse/devlink-Add-support-for-u64-parameters.patch.
- Delete
patches.suse/devlink-avoid-param-type-value-translations.patch.
Fix kABI breakage, caused by adding U64 type to DEVLINK_PARAM_TYPE (bsc#1254363)
- commit d4ef490
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID
(git-fixes).
- commit b8d0ed6
- i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes).
- i2c: i2c.h: fix a bad kernel-doc line (git-fixes).
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd
led (git-fixes).
- commit 9bd979e
- smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256,
CVE-2025-38728).
- commit 8caf30e
- selftests: net: include forwarding lib (bsc#1254235).
- commit 8ae2773
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
- commit d031559
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
- commit 82f1192
- spi: tegra210-quad: Fix timeout handling (bsc#1253155)
- commit bd1de03
- spi: tegra210-qspi: Remove cache operations (git-fixes)
- commit a5fab01
- spi: tegra210-quad: Add support for internal DMA (git-fixes)
- commit 8c1e0cc
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
- commit 8db7584
- Delete patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch.
It will reinserted as part of bsc#1253155 update request.
- commit aed40ae
- smb: Log an error when close_all_cached_dirs fails (bsc#1246328,
CVE-2025-38321).
- commit a8a838a
- Refresh
patches.suse/selftests-net-List-helper-scripts-in-TEST_FILES-Makefile-v.patch.
- commit a49bd74
- arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes)
- commit 056601e
- arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes)
- commit 10b4884
- wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
(CVE-2025-39890 bsc#1250334).
- commit 51d9ba6
- dm-verity: fix unreliable memory allocation (git-fixes).
- commit 811cec6
- ipmi: Fix handling of messages with provided receive message
pointer (git-fixes).
- commit 2e987f2
- ipmi: Rework user message limit handling (git-fixes).
- commit 4cbb961
- mm/hugetlb: fix folio is still mapped when deleted
(CVE-2025-40006 bsc#1252342).
- commit e2e7e3b
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
(git-fixes).
- pinctrl: stm32: fix hwspinlock resource leak in probe function
(git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in
rcar_gen3_phy_usb2_probe() (git-fixes).
- phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes).
- commit 2f1faf6
- mm: hugetlb: avoid soft lockup when mprotect to large memory
area (CVE-2025-40153 bsc#1253408).
- commit 03b4aee
- perf list: Add IBM z17 event descriptions (jsc#PED-13611).
- commit fda20aa
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload
(bac#1236022 ltc#211187).
- commit 1a4723e
- i3c: fix refcount inconsistency in i3c_master_register
(git-fixes).
- commit 00edbac
- i3c: master: svc: Prevent incomplete IBI transaction
(git-fixes).
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes).
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as
a parent to other (git-fixes).
- clk: renesas: r9a06g032: Fix memory leak in error path
(git-fixes).
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle
callback (git-fixes).
- commit 4cf8a99
- mei: gsc: add dependency on Xe driver (git-fixes).
- drm/amd/display: Don't change brightness for disabled connectors
(stable-fixes).
- drm/amd/amdgpu: reserve vm invalidation engine for uni_mes
(stable-fixes).
- usb: udc: Add trace event for usb_gadget_set_state
(stable-fixes).
- drm/i915/dp: Initialize the source OUI write timestamp always
(stable-fixes).
- commit fbf57fa
- staging: fbtft: core: fix potential memory leak in
fbtft_probe_common() (git-fixes).
- usb: gadget: tegra-xudc: Always reinitialize data toggle when
clear halt (git-fixes).
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes).
- usb: phy: Initialize struct usb_phy list_head (git-fixes).
- usb: dwc2: fix hang during suspend if set as peripheral
(git-fixes).
- usb: chaoskey: fix locking for O_NONBLOCK (git-fixes).
- USB: Fix descriptor count when handling invalid MBIM extended
descriptor (git-fixes).
- intel_th: Fix error handling in intel_th_output_open
(git-fixes).
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
(git-fixes).
- comedi: multiq3: sanitize config options in multiq3_attach()
(git-fixes).
- comedi: check device's attached status in compat ioctls
(git-fixes).
- comedi: c6xdigio: Fix invalid PNP driver unregistration
(git-fixes).
- firmware: stratix10-svc: fix make htmldocs warning for
stratix10_svc (git-fixes).
- iio: core: Clean up device correctly on iio_device_alloc()
failure (git-fixes).
- iio: core: add missing mutex_destroy in iio_dev_release()
(git-fixes).
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member
(git-fixes).
- firmware: stratix10-svc: Add mutex in stratix10 memory
management (git-fixes).
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to
uio_fsl_elbc_gpcm_probe (git-fixes).
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe()
(git-fixes).
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing
(git-fixes).
- fbdev: tcx.c fix mem_map to correct smem_start offset
(git-fixes).
- watchdog: wdat_wdt: Fix ACPI table leak in probe function
(git-fixes).
- rpmsg: glink: fix rpmsg device leak (git-fixes).
- iio: accel: bmc150: Fix irq assumption regression
(stable-fixes).
- usb: storage: sddr55: Reject out-of-bound new_pba
(stable-fixes).
- USB: serial: option: add support for Rolling RW101R-GL
(stable-fixes).
- USB: serial: ftdi_sio: add support for u-blox EVK-M101
(stable-fixes).
- usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -S
(stable-fixes).
- thunderbolt: Add support for Intel Wildcat Lake (stable-fixes).
- drm/amd/display: Check NULL before accessing (stable-fixes).
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230
(stable-fixes).
- commit a6f8c1f
- soc: amlogic: canvas: fix device leak on lookup (git-fixes).
- soc: qcom: smem: fix hwspinlock resource leak in probe error
paths (git-fixes).
- soc: qcom: ocmem: fix device leak on lookup (git-fixes).
- firmware: imx: scu-irq: fix OF node leak in (git-fixes).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- commit 67bcab6
- perf/x86/intel: Fix KASAN global-out-of-bounds warning
(git-fixes).
- commit 4f6bb80
- r8169: disable RTL8126 ZRX-DC timeout (jsc#PED-14353).
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support
(jsc#PED-14353).
- r8169: increase max jumbo packet size on RTL8125/RTL8126
(jsc#PED-14353).
- r8169: add PHY c45 ops for MDIO_MMD_VENDOR2 registers
(jsc#PED-14353).
- r8169: add support for Intel Killer E5000 (jsc#PED-14353).
- r8169: don't scan PHY addresses > 0 (jsc#PED-14353).
- commit 767f379
- r8169: add support for RTL8125BP rev.b (jsc#PED-14353).
- r8169: add support for RTL8125D rev.b (jsc#PED-14353).
- r8169: adjust version numbering for RTL8126 (jsc#PED-14353).
- r8169: remove support for chip version 11 (jsc#PED-14353).
- r8169: remove unused flag RTL_FLAG_TASK_RESET_NO_QUEUE_WAKE
(jsc#PED-14353).
- r8169: remove redundant hwmon support (jsc#PED-14353).
- r8169: use helper r8169_mod_reg8_cond to simplify
rtl_jumbo_config (jsc#PED-14353).
- commit 3a4ab13
- r8169: align WAKE_PHY handling with r8125/r8126 vendor drivers
(jsc#PED-14353).
- r8169: improve rtl_set_d3_pll_down (jsc#PED-14353).
- r8169: improve __rtl8169_set_wol (jsc#PED-14353).
- r8169: remove leftover locks after reverted change
(jsc#PED-14353).
- r8169: improve initialization of RSS registers on
RTL8125/RTL8126 (jsc#PED-14353).
- r8169: align RTL8126 EEE config with vendor driver
(jsc#PED-14353).
- r8169: align RTL8125/RTL8126 PHY config with vendor driver
(jsc#PED-14353).
- r8169: align RTL8125 EEE config with vendor driver
(jsc#PED-14353).
- r8169: fix inconsistent indenting in rtl8169_get_eth_mac_stats
(jsc#PED-14353).
- r8169: add support for RTL8125D (jsc#PED-14353).
- commit 5c318c2
- r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun"
(jsc#PED-14353).
- Refresh
patches.suse/r8169-add-tally-counter-fields-added-with-RTL8125.patch.
- commit 8dc4fd6
- r8169: don't take RTNL lock in rtl_task() (jsc#PED-14353).
- r8169: add support for the temperature sensor being available
from RTL8125B (jsc#PED-14353).
- r8169: avoid unsolicited interrupts (jsc#PED-14353).
- r8169: add missing MODULE_FIRMWARE entry for RTL8126A rev.b
(jsc#PED-14353).
- r8169: disable ALDPS per default for RTL8125 (jsc#PED-14353).
- r8169: add support for RTL8126A rev.b (jsc#PED-14353).
- r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY
(jsc#PED-14353).
- commit 6d7da00
- r8169: remove detection of chip version 11 (early RTL8168b)
(jsc#PED-14353).
- r8169: disable interrupt source RxOverflow (jsc#PED-14353).
- Revert "r8169: don't try to disable interrupts if NAPI is,
scheduled already" (jsc#PED-14353).
- r8169: Use PCI_IRQ_INTX instead of PCI_IRQ_LEGACY
(jsc#PED-14353).
- r8169: add support for RTL8168M (jsc#PED-14353).
- r8169: add MODULE_FIRMWARE entry for RTL8126A (jsc#PED-14353).
- commit 39ff456
- r8169: simplify code by using core-provided pcpu stats
allocation (jsc#PED-14353).
- commit dafb189
- r8169: simplify EEE handling (jsc#PED-14353).
- Refresh
patches.suse/r8169-implement-additional-ethtool-stats-ops.patch.
- commit 48bfadc
- r8169: add support for returning tx_lpi_timer in ethtool get_eee
(jsc#PED-14353).
- r8169: support setting the EEE tx idle timer on RTL8168h
(jsc#PED-14353).
- r8169: add generic rtl_set_eee_txidle_timer function
(jsc#PED-14353).
- commit e1875e5
- r8169: remove multicast filter limit (jsc#PED-14353).
- Refresh patches.suse/r8169-add-support-for-RTL8126A.patch.
- commit 1615622
- net: r8169: Disable multicast filter for RTL8168H and RTL8107E
(jsc#PED-14353).
- Refresh
patches.suse/r8169-respect-userspace-disabling-IFF_MULTICAST.patch.
- commit 0162652
- r8169: use dev_err_probe in all appropriate places in
rtl_init_one() (jsc#PED-14353).
- Refresh
patches.suse/r8169-revert-2ab19de62d67-r8169-remove-ASPM-res.patch.
- commit 946ce07
- r8169: improve handling task scheduling (jsc#PED-14353).
- r8169: remove not needed check in rtl_fw_write_firmware
(jsc#PED-14353).
- r8169: improve RTL8411b phy-down fixup (jsc#PED-14353).
- Revert "net: r8169: Disable multicast filter for RTL8168H and
RTL8107E" (jsc#PED-14353).
- r8169: check for PCI read error in probe (jsc#PED-14353).
- commit 82a9157
- r8169: enable EEE at 2.5G per default on RTL8125B
(jsc#PED-14353).
- r8169: remove rtl_dash_loop_wait_high/low (jsc#PED-14353).
- r8169: avoid duplicated messages if loading firmware fails
and switch to warn level (jsc#PED-14353).
- r8169: implement additional ethtool stats ops (jsc#PED-14353).
- r8169: remove original workaround for RTL8125 broken rx issue
(jsc#PED-14353).
- r8169: don't apply UDP padding quirk on RTL8126A
(jsc#PED-14353).
- commit fdf3fd2
- efi: stmm: fix kernel-doc "bad line" warnings (git-fixes).
- ASoC: codecs: lpass-tx-macro: fix SM6115 support (git-fixes).
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation
of appl_ptr (git-fixes).
- Revert "drm/amd: Skip power ungate during suspend for VPE"
(git-fixes).
- drm/panthor: Avoid adding of kernel BOs to extobj list
(git-fixes).
- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl()
(git-fixes).
- drm/mediatek: ovl_adaptor: Fix probe device leaks (git-fixes).
- drm/mediatek: Fix probe device leaks (git-fixes).
- drm/mediatek: Fix probe memory leak (git-fixes).
- drm/mediatek: Fix probe resource leaks (git-fixes).
- drm/msm/a6xx: Improve MX rail fallback in RPMH vote init
(git-fixes).
- drm/msm/a6xx: Fix the gemnoc workaround (git-fixes).
- drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (git-fixes).
- drm/panthor: Fix potential memleak of vma structure (git-fixes).
- drm/panthor: Fix UAF on kernel BO VA nodes (git-fixes).
- drm/panthor: Fix race with suspend during unplug (git-fixes).
- drm/panthor: Fix group_free_queue() for partially initialized
queues (git-fixes).
- drm/panthor: Handle errors returned by drm_sched_entity_init()
(git-fixes).
- drm/imagination: Fix reference to
devm_platform_get_and_ioremap_resource() (git-fixes).
- accel/ivpu: Fix race condition when unbinding BOs (git-fixes).
- drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler()
(git-fixes).
- accel/ivpu: Fix DCT active percent format (git-fixes).
- drm/panel: visionox-rm69299: Don't clear all mode flags
(git-fixes).
- media: verisilicon: Fix CPU stalls on G2 bus error (git-fixes).
- commit 905bb10
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2
(git-fixes).
- PCI: keystone: Exit ks_pcie_probe() for invalid mode
(git-fixes).
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition
(git-fixes).
- PCI/PM: Reinstate clearing state_saved in legacy and !PM
codepaths (git-fixes).
- power: supply: apm_power: only unset own apm_get_power_status
(git-fixes).
- power: supply: wm831x: Check wm831x_set_bits() return value
(git-fixes).
- power: supply: rt9467: Prevent using uninitialized local
variable in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: rt9467: Return error on failure in
rt9467_set_value_from_ranges() (git-fixes).
- power: supply: cw2015: Check devm_delayed_work_autocancel()
return code (git-fixes).
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path
(git-fixes).
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path
(git-fixes).
- mfd: max77620: Fix potential IRQ chip conflict when probing
two devices (git-fixes).
- platform/x86: intel: chtwc_int33fe: don't dereference swnode
args (git-fixes).
- spi: bcm63xx: drop wrong casts in probe() (git-fixes).
- spi: tegra210-quad: Fix timeout handling (git-fixes).
- regulator: core: Protect regulator_supply_alias_list with
regulator_list_mutex (git-fixes).
- regulator: core: disable supply if enabling main regulator fails
(git-fixes).
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors
(git-fixes).
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe
error and remove (git-fixes).
- mtd: nand: relax ECC parameter validation check (git-fixes).
- Revert "mtd: rawnand: marvell: fix layouts" (git-fixes).
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes).
- mtd: maps: pcmciamtd: fix potential memory leak in
pcmciamtd_detach() (git-fixes).
- pwm: bcm2835: Make sure the channel is enabled after
pwm_request() (git-fixes).
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver
(git-fixes).
- commit 6ae74c9
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path
(git-fixes).
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup
(git-fixes).
- media: rc: st_rc: Fix reset control resource leak (git-fixes).
- media: videobuf2: Fix device reference leak in vb2_dc_alloc
error path (git-fixes).
- media: vpif_display: fix section mismatch (git-fixes).
- media: vpif_capture: fix section mismatch (git-fixes).
- media: samsung: exynos4-is: fix potential ABBA deadlock on init
(git-fixes).
- media: renesas: rcar_drif: fix device node reference leak in
rcar_drif_bond_enabled (git-fixes).
- media: amphion: Cancel message work before releasing the VPU
core (git-fixes).
- media: verisilicon: Protect G2 HEVC decoder against invalid
DPB index (git-fixes).
- media: v4l2-mem2mem: Fix outdated documentation (git-fixes).
- media: cec: Fix debugfs leak on bus_register() failure
(git-fixes).
- media: vidtv: initialize local pointers upon transfer of memory
ownership (git-fixes).
- media: pvrusb2: Fix incorrect variable used in trace message
(git-fixes).
- media: msp3400: Avoid possible out-of-bounds array accesses
in msp3400c_thread() (git-fixes).
- media: adv7842: Avoid possible out-of-bounds array accesses
in adv7842_cp_log_status() (git-fixes).
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in
probe (git-fixes).
- media: i2c: adv7842: Remove redundant cancel_delayed_work in
probe (git-fixes).
- media: TDA1997x: Remove redundant cancel_delayed_work in probe
(git-fixes).
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
(git-fixes).
- commit 0f91c8f
- Documentation: hid-alps: Fix packet format section headings
(git-fixes).
- HID: logitech-hidpp: Do not assume FAP in
hidpp_send_message_sync() (git-fixes).
- HID: logitech-dj: Remove duplicate error logging (git-fixes).
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes).
- backlight: led-bl: Add devlink to supplier LEDs (git-fixes).
- leds: netxbig: Fix GPIO descriptor leak in error paths
(git-fixes).
- leds: leds-lp50xx: Enable chip before any communication
(git-fixes).
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of
9 LEDs (git-fixes).
- leds: leds-lp50xx: Allow LED 0 to be added to module bank
(git-fixes).
- hwmon: (max16065) Use local variable to avoid TOCTOU
(git-fixes).
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU
(git-fixes).
- hwmon: sy7636a: Fix regulator_enable resource leak on error path
(git-fixes).
- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes).
- ASoC: stm32: sai: fix OF node leak on probe (git-fixes).
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure
(git-fixes).
- ASoC: stm32: sai: fix device leak on probe (git-fixes).
- ASoC: qcom: q6asm-dai: perform correct state check before
closing (git-fixes).
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer
alignment (git-fixes).
- ASoC: qcom: q6adm: the the copp device only during last instance
(git-fixes).
- ALSA: dice: fix buffer overflow in detect_stream_formats()
(git-fixes).
- ASoC: fsl_xcvr: clear the channel status control memory
(git-fixes).
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma
(git-fixes).
- drm/amd/display: Fix logical vs bitwise bug in
get_embedded_panel_info_v2_1() (git-fixes).
- drm/nouveau: restrict the flush page to a 32-bit address
(git-fixes).
- drm/mediatek: Fix device node reference leak in
mtk_dp_dt_parse() (git-fixes).
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue
(git-fixes).
- drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes).
- drm/msm/a6xx: Fix out of bound IO access in
a6xx_get_gmu_registers (git-fixes).
- drm/msm/a2xx: stop over-complaining about the legacy firmware
(git-fixes).
- drm/msm/dpu: Remove dead-code in
dpu_encoder_helper_reset_mixers() (git-fixes).
- drm/vgem-fence: Fix potential deadlock on release (git-fixes).
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg()
(git-fixes).
- gpu: host1x: Fix race in syncpt alloc/free (git-fixes).
- commit 7fcfbe3
- RDMA/irdma: Remove unused struct irdma_cq fields (git-fixes)
Refresh patches.suse/RDMA-irdma-Set-irdma_cq-cq_num-field-during-CQ-creat.patch
- commit acb152c
- wifi: ath12k: fix potential memory leak in
ath12k_wow_arp_ns_offload() (git-fixes).
- commit 3961250
- wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line
warning (git-fixes).
- wifi: ieee80211: correct FILS status codes (git-fixes).
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
(git-fixes).
- wifi: mt76: Fix DTS power-limits on little endian systems
(git-fixes).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in
rtl8187_rx_cb() (git-fixes).
- wifi: rtl818x: Fix potential memory leaks in
rtl8180_init_rx_ring() (git-fixes).
- wifi: mac80211: fix CMAC functions not handling errors
(git-fixes).
- net: phy: adin1100: Fix software power-down ready condition
(git-fixes).
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper()
(git-fixes).
- wifi: ath11k: fix peer HE MCS assignment (git-fixes).
- wifi: ath11k: restore register window after global reset
(git-fixes).
- lib/vsprintf: Check pointer before dereferencing in
time_and_date() (git-fixes).
- Documentation/kernel-parameters: fix typo in retbleed= kernel
parameter description (git-fixes).
- Documentation: parport-lowlevel: Separate function listing
code blocks (git-fixes).
- docs: w1: fix w1-netlink invalid URL (git-fixes).
- crypto: ccree - Correctly handle return of sg_nents_for_len
(git-fixes).
- crypto: iaa - Fix incorrect return value in save_iaa_wq()
(git-fixes).
- crypto: rockchip - drop redundant crypto_skcipher_ivsize()
calls (git-fixes).
- crypto: hisilicon/qm - restore original qos values (git-fixes).
- crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id (git-fixes).
- crypto: authenc - Correctly pass EINPROGRESS back up to the
caller (git-fixes).
- ima: Handle error code returned by ima_filter_rule_match()
(git-fixes).
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time
(git-fixes).
- commit 912d691
- btrfs: make sure extent and csum paths are always released in
scrub_raid56_parity_stripe() (git-fixes).
- commit 6dcb53c
- Update config files: drop doubly CONFIG_MITIGATION_TSA=y
- commit e2c35ef
- media: uvcvideo: Force UVC version to 1.0a for 0408:4033
(stable-fixes).
- commit 05e9c29
- mei: me: add wildcat lake P DID (stable-fixes).
- media: pci: ivtv: Don't create fake v4l2_fh (stable-fixes).
- efi: stmm: Fix incorrect buffer allocation method (git-fixes).
- media: qcom: camss: cleanup media device allocated resource
on error path (git-fixes).
- efi/libstub: Avoid physical address 0x0 when doing random
allocation (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable
(git-fixes).
- media: nxp: imx8-isi: Mark all crossbar sink pads as
MUST_CONNECT (stable-fixes).
- media: imx-mipi-csis: Drop extra clock enable at probe()
(git-fixes).
- media: qcom: venus: fix incorrect return value (stable-fixes).
- media: s5p-mfc: Fix potential deadlock on condlock
(stable-fixes).
- media: radio-isa: use dev_name to fill in bus_info
(stable-fixes).
- media: ov5640: fix vblank unchange issue when work at dvp mode
(git-fixes).
- media: qcom: camss: Fix genpd cleanup (git-fixes).
- commit 5b8269a
- ACPI: property: Fix fwnode refcount leak in
acpi_fwnode_graph_parse_endpoint() (git-fixes).
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4
(git-fixes).
- efi/libstub: Fix page table access in 5-level to 4-level paging
transition (git-fixes).
- efi/libstub: Describe missing 'out' parameter in efi_load_initrd
(git-fixes).
- commit 242aae6
- drm/amd/display: Prevent Gating DTBCLK before It Is Properly
Latched (git-fixes).
- commit 3b5db8b
- drm/xe: Prevent BIT() overflow when handling invalid prefetch
region (git-fixes).
- drm/i915/dp_mst: Disable Panel Replay (git-fixes).
- drm/amd/display: avoid reset DTBCLK at clock init
(stable-fixes).
- commit a80834e
- drm/amd: Skip power ungate during suspend for VPE
(stable-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- drm/amd/display: Fix pbn to kbps Conversion (stable-fixes).
- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5
(stable-fixes).
- drm/amdgpu: fix gpu page fault after hibernation on PF
passthrough (stable-fixes).
- drm/amd/display: Insert dccg log for easy debug (stable-fixes).
- drm/amd/display: disable DPP RCG before DPP CLK enable
(stable-fixes).
- commit d2e0b93
- Input: cros_ec_keyb - fix an invalid memory access
(stable-fixes).
- Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes).
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled
(stable-fixes).
- drm/amd/display: Increase DPCD read retries (stable-fixes).
- drm/amd/display: Move sleep into each retry for
retrieve_link_cap() (stable-fixes).
- kconfig/nconf: Initialize the default locale at startup
(stable-fixes).
- kconfig/mconf: Initialize the default locale at startup
(stable-fixes).
- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes).
- commit 7011d30
- orangefs: fix xattr related buffer overflow.. (git-fixes).
- commit f97ca07
- rpm/mkspec: Exclude azure from kernel-syms dependencies
Similar to rt azure was initially a separate kernel variant, and not all
KMPs are built for it. kernel-azure-devel should be included as explicit
build depedency to get a KMP for this kernel flavor.
- commit c174e9b
- xhci: fix stale flag preventig URBs after link state error is
cleared (git-fixes).
- drm/xe: Fix conversion from clock ticks to milliseconds
(git-fixes).
- Revert "drm/amd/display: Move setup_stream_attribute"
(stable-fixes).
- commit d37276f
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors
(git-fixes).
- spi: bcm63xx: fix premature CS deassertion on RX-only
transactions (git-fixes).
- firmware: stratix10-svc: fix bug in saving controller data
(git-fixes).
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation
(git-fixes).
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings
fields (git-fixes).
- iio: accel: fix ADXL355 startup race condition (git-fixes).
- iio:common:ssp_sensors: Fix an error handling path ssp_probe()
(git-fixes).
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes).
- most: usb: fix double free on late probe failure (git-fixes).
- slimbus: ngd: Fix reference count leak in
qcom_slim_ngd_notify_slaves (git-fixes).
- serial: amba-pl011: prefer dma_mapping_error() over explicit
address checking (git-fixes).
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable()
errors (git-fixes).
- USB: storage: Remove subclass and protocol overrides from
Novatek quirk (git-fixes).
- usb: uas: fix urb unmapping issue when the uas device is remove
during ongoing data transfer (git-fixes).
- usb: dwc3: Fix race condition between concurrent
dwc3_remove_requests() call paths (git-fixes).
- xhci: dbgtty: fix device unregister (git-fixes).
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes).
- drivers/usb/dwc3: fix PCI parent check (git-fixes).
- usb: storage: Fix memory leak in USB bulk transport (git-fixes).
- usb: cdns3: Fix double resource release in cdns3_pci_probe
(git-fixes).
- mailbox: mailbox-test: Fix debugfs_create_dir error checking
(git-fixes).
- drm: sti: fix device leaks at component probe (git-fixes).
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling
(git-fixes).
- commit 17705d7
- net: dlink: handle copy_thresh allocation failure (CVE-2025-40053 bsc#1252808)
- commit 975011b
- pid: Add a judgment for ns null in pid_nr_ns (CVE-2025-40178 bsc#1253463)
- commit ce07984
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (CVE-2025-40187 bsc#1253647)
- commit e8a76b4
- Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf()
NULL deref (git-fixes).
- commit 0d74148
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling
(git-fixes).
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed
transmitted URBs (git-fixes).
- can: sja1000: fix max irq loop handling (git-fixes).
- can: kvaser_usb: leaf: Fix potential infinite loop in command
parsers (git-fixes).
- net: phy: mxl-gpy: fix link properties on USXGMII and internal
PHYs (git-fixes).
- atm/fore200e: Fix possible data race in fore200e_open()
(git-fixes).
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing
(git-fixes).
- Bluetooth: hci_sock: Prevent race in socket write iter and
sock bind (git-fixes).
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated
PHY (git-fixes).
- platform/x86: intel: punit_ipc: fix memory corruption
(git-fixes).
- atm: idt77252: Add missing `dma_map_error()` (stable-fixes).
- commit 2366cbf
- remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (CVE-2025-40033 bsc#1252824)
- commit 2054391
- dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134 bsc#1253386)
- commit 1e5953d
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
- commit bd1d198
- KVM: arm64: Prevent access to vCPU events before init (CVE-2025-40102 bsc#1252919)
- commit 104fba7
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (CVE-2025-40081 bsc#1252776)
- commit f1cab17
- Add dtb-spacemit
SpacemiT boards include MilkV-Jupiter, Banana Pi F3 and Orange Pi RV2.
- commit f2f396d
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Add capability to register Platform Name ID to
fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in
point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED
during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps
(bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point
topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs
(bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in
lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and
comments (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging
(bsc#1254119).
- commit bfcfc18
- nvme-multipath: fix lockdep WARN due to partition scan work
(git-fixes bsc#1233640 CVE-2024-53093).
- commit 28a7b7d
- dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes).
- commit a7bb416
- nvme: Use non zero KATO for persistent discovery connections
(git-fixes).
- commit 4d9eece
- openssl-1_1
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
- libpng16
-
- security update
- added patches
CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage`
CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage`
* libpng16-CVE-2025-28162,28164.patch
- python311
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- supportutils
-
- Changes to version 3.2.12
+ Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274)
+ Run in containers without errors (bsc#1245667, PR#272)
+ Removed pmap PID from memory.txt (bsc#1246011, PR#263)
+ Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264)
+ Improved database perforce with kGraft patching (bsc#1249657, PR#273)
+ Using last boot for journalctl for optimization (bsc#1250224, PR#287)
+ Fixed extraction failures (bsc#1252318, PR#275)
+ Update supportconfig.conf path in docs (bsc#1254425, PR#281)
+ drm_sub_info: Catch error when dir doesn't exist (PR#265)
+ Replace remaining `egrep` with `grep -E` (PR#261, PR#266)
+ Add process affinity to slert logs (PR#269)
+ Reintroduce cgroup statistics (and v2) (PR#270)
+ Minor changes to basic-health-check: improve information level (PR#271)
+ Collect important machine health counters (PR#276)
+ powerpc: collect hot-pluggable PCI and PHB slots (PR#278)
+ podman: collect podman disk usage (PR#279)
+ Exclude binary files in crondir (PR#282)
+ kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284)
+ Use short-iso for journalctl (PR#288)
- Changes to version 3.2.11
+ Collect rsyslog frule files (bsc#1244003, pr#257)
+ Remove proxy passwords (bsc#1244011, pr#257)
+ Missing NetworkManager information (bsc#1241284, pr#257)
+ Include agama logs bsc#1244937, pr#256)
+ Additional NFS conf files (pr#253)
+ New fadump sysfs files (pr#252)
+ Fixed change log dates