- apparmor
-
- Fix deny exec of rpc_witness; (bsc#1225811).
* add apparmor-rpcd-witness.patch
- Add some misc fixes for samba-4.21.x denies; (bsc#1259441).
* add samba-misc-rpcd-spoolss.patch
- bind
-
- Upgrade to release 9.20.21
Security Fixes:
* Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805]
* Fix memory leaks in code preparing DNSSEC proofs of
non-existence.
(CVE-2026-3104)
[bsc#1260567]
* Prevent a crash in code processing queries containing a TKEY
record.
(CVE-2026-3119)
[bsc#1260568]
* Fix a stack use-after-return flaw in SIG(0) handling code.
(CVE-2026-3591)
[bsc#1260569]
* Fix a use-after-free error in dns_client_resolve() triggered by
a DNAME response. This issue only affected the delv tool and it
has now been fixed.
[bsc#1259202]
Feature Changes:
* Record query time for all dnstap responses.
* Optimize TCP source port selection on Linux.
Bug Fixes:
* Fix the handling of key statements defined inside views.
* Fix an assertion failure triggered by non-minimal IXFRs.
* Fix a crash when retrying a NOTIFY over TCP.
* Fetch loop detection improvements.
* Randomize nameserver selection.
* Fix dnstap logging of forwarded queries.
* A stale answer could have been served in case of multiple
upstream failures when following CNAME chains. This has been
fixed.
* Fail DNSKEY validation when supported but invalid DS is found.
* Importing an invalid SKR file might corrupt stack memory.
* Return FORMERR for queries with the EDNS Client Subnet FAMILY
field set to 0.
* Fix inbound IXFR performance regression.
* Make catalog zone names and member zones' entry names
case-insensitive.
* Fix implementation of BRID and HHIT record types.
* Fix implementation of DSYNC record type.
* Fix response policy and catalog zones to work with $INCLUDE
directive.
- crypto-policies
-
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
* Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default
* Add crypto-policies-OpenSSH-PQC.patch
- glibc
-
- resolv-count-resource-records.patch: resolv: Count records correctly
(CVE-2026-4437, bsc#1260078, BZ #34014)
- resolv-check-hostname.patch: resolv: Check hostname for validity
(CVE-2026-4438, bsc#1260082, BZ #34015)
- grub2
-
- Fix missing install device check in grub2-install on PowerPC which could lead
to bootlist corruption (bsc#1221126)
* 0001-Mandatory-install-device-check-for-PowerPC.patch
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
* 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* grub2-btrfs-09-get-default-subvolume.patch
- kernel-default
-
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
(CVE-2026-23125 bsc#1258293).
- commit 6e65546
- Add bugnumber to existing mana changes (bsc#1259558 bsc#1259580).
- Drivers: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary (git-fixes).
- Drivers: hv: Fix bad pointer dereference in hv_get_partition_id (git-fixes).
- hyperv: Convert hypercall statuses to linux error codes (git-fixes).
- drivers/hv: add CPU offlining support (git-fixes).
- drivers/hv: introduce vmbus_channel_set_cpu() (git-fixes).
- cpu: export lockdep_assert_cpus_held() (git-fixes).
- hyperv: Move arch/x86/hyperv/hv_proc.c to drivers/hv (git-fixes).
- hyperv: Move hv_current_partition_id to arch-generic code (git-fixes).
- commit 7492ec1
- ACPI: OSL: fix __iomem type on return from
acpi_os_map_generic_address() (git-fixes).
- can: hi311x: hi3110_open(): add check for hi3110_power_enable()
return value (git-fixes).
- net: usb: lan78xx: fix TX byte statistics for small packets
(git-fixes).
- net: usb: lan78xx: fix silent drop of packets with checksum
errors (git-fixes).
- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size
(git-fixes).
- remoteproc: sysmon: Correct subsys_name_len type in QMI request
(git-fixes).
- commit 5d32ac9
- apparmor: fix race between freeing data and fs accessing it
(bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in
verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit 9f31a2e
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186,
bsc#1258832).
- commit 4fde182
- RDMA/rtrs-clt: For conn rejection use actual err number (git-fixes)
- commit c91403f
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit a33e581
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit c330474
- cgroup: Fix incorrect WARN_ON_ONCE() in css_release_work_fn()
(bsc#1256564 bsc#1259130).
- commit af50ef7
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258176).
- commit bad7291
- Update config files (bsc#1254306).
- commit 6305722
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 43c578c
- Update config files (bsc#1254306).
- commit 3c7bab7
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 165c4b3
- kabi: cgroup.stat fixup (bsc#1256564 bsc#1259130).
- commit 6ccb250
- cgroup: Show # of subsystem CSSes in cgroup.stat (bsc#1256564
bsc#1259130).
- commit e9ca9e6
- selftests/bpf: add verifier sign extension bound computation
tests (git-fixes).
- bpf: verifier improvement in 32bit shift sign extension pattern
(git-fixes).
- commit cbb7102
- Add bugnumber to existing mana changes (bsc#1245728 bsc#1251971 bsc#1252266 bsc#1257466)
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes).
- Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: util: Cosmetic changes for hv_utils_transport.c (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- tools/hv: fcopy: Fix irregularities with size of ring buffer (git-fixes).
- x86/hyperv: Fix usage of cpu_online_mask to get valid cpu (git-fixes).
- PCI: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- clocksource: hyper-v: Fix warnings for missing export.h header inclusion (git-fixes).
- x86/hyperv: Fix warnings for missing export.h header inclusion (git-fixes).
- Drivers: hv: Fix the check for HYPERVISOR_CALLBACK_VECTOR (git-fixes).
- Drivers: hv: vmbus: Add comments about races with "channels" sysfs dir (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- Drivers: hv: Use kzalloc for panic page allocation (git-fixes).
- uio_hv_generic: Align ring size to system page (git-fixes).
- uio_hv_generic: Use correct size for interrupt and monitor pages (git-fixes).
- Drivers: hv: vmbus: Introduce hv_get_vmbus_root_device() (git-fixes).
- Drivers: hv: vmbus: Get the IRQ number from DeviceTree (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- x86/hyperv: fix an indentation issue in mshyperv.h (git-fixes).
- x86/hyperv: Use named operands in inline asm (git-fixes).
- commit fbd3c33
- dm mpath: make pg_init_delay_msecs settable (git-fixes).
- commit b5dcc03
- dm: clear cloned request bio pointer when last clone bio
completes (git-fixes).
- commit f2572c8
- dm: remove fake timeout to avoid leak request (git-fixes).
- commit 04135ad
- usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed
PDOs (git-fixes).
- commit da08138
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read
(git-fixes).
- hwmon: (it87) Check the it87_lock() return value (git-fixes).
- commit 29de358
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
(git-fixes).
- drm/sched: Fix kernel-doc warning for drm_sched_job_done()
(git-fixes).
- drm/solomon: Fix page start when updating rectangle in page
addressing mode (git-fixes).
- platform/x86: dell-wmi-sysman: Don't hex dump plaintext password
data (git-fixes).
- commit 76161b1
- tracing: Fix crash on synthetic stacktrace field usage
(CVE-2026-23088 bsc#1257814).
- commit 5950c9c
- tracing: Do not register unsupported perf events (CVE-2025-71125
bsc#1256784).
- commit 83b1b69
- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion
callback (git-fixes).
- nfc: nci: free skb on nci_transceive early error paths
(git-fixes).
- net: nfc: nci: Fix zero-length proprietary notifications
(git-fixes).
- can: usb: etas_es58x: correctly anchor the urb in the read
bulk callback (git-fixes).
- can: ucan: Fix infinite loop from zero-length messages
(git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper
length of a message (git-fixes).
- can: mcp251x: fix deadlock in error path of mcp251x_open
(git-fixes).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- wifi: mt76: Fix possible oob access in
mt76_connac2_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7925: Fix possible oob access in
mt7925_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7996: Fix possible oob access in
mt7996_mac_write_txwi_80211() (git-fixes).
- wifi: wlcore: Fix a locking bug (git-fixes).
- wifi: cw1200: Fix locking in error paths (git-fixes).
- wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config
(git-fixes).
- batman-adv: Avoid double-rtnl_lock ELP metric worker
(git-fixes).
- commit 502e268
- drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811).
- commit d38edfb
- drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt
(stable-fixes).
- commit 4302d49
- drm/xe: Defer gt->mmio initialization until after multi-tile
setup (git-fixes).
- commit fd760a3
- drm/xe/ptl: Apply Wa_13011645652 (stable-fixes).
- Refresh
patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch.
- commit 6feb03f
- drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138
(git-fixes).
- drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics
(stable-fixes).
- drm/amd/display: Remove conditional for shaper 3DLUT power-on
(stable-fixes).
- drm/amd/display: bypass post csc for additional color spaces
in dal (stable-fixes).
- drm/amd/display: Increase DCN35 SR enter/exit latency
(stable-fixes).
- drm/amd/display: Fix system resume lag issue (stable-fixes).
- drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes).
- wifi: ath11k: Fix failure to connect to a 6 GHz AP
(stable-fixes).
- wifi: cfg80211: allow only one NAN interface, also in multi
radio (stable-fixes).
- wifi: rtw89: mac: correct page number for CSI response
(stable-fixes).
- wifi: rtw89: ser: enable error IMR after recovering from L1
(stable-fixes).
- wifi: rtw89: 8922a: set random mac if efuse contains zeroes
(stable-fixes).
- drm/amd/display: avoid dig reg access timeout on usb4 link
training fail (stable-fixes).
- drm/amd/display: Fix GFX12 family constant checks
(stable-fixes).
- drm/amd/display: Disable FEC when powering down encoders
(stable-fixes).
- drm/amdkfd: Relax size checking during queue buffer get
(stable-fixes).
- drm/amd/display: only power down dig on phy endpoints
(stable-fixes).
- drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes).
- drm/xe: Only toggle scheduling in TDR if GuC is running
(stable-fixes).
- drm/panel: Fix a possible null-pointer dereference in
jdi_panel_dsi_remove() (stable-fixes).
- drm/amd/display: Fix dsc eDP issue (stable-fixes).
- drm/amd/display: Add signal type check for dcn401
get_phyd32clk_src (stable-fixes).
- drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32
(stable-fixes).
- drm/amdkfd: Handle GPU reset and drain retry fault race
(stable-fixes).
- drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes).
- drm/tests: shmem: Swap names of export tests (git-fixes).
- gpu/panel-edp: add AUO panel entry for B140HAN06.4
(stable-fixes).
- media: v4l2-async: Fix error handling on steps after finding
a match (stable-fixes).
- ALSA: vmaster: Relax __free() variable declarations (git-fixes).
- drm/xe/xe2_hpg: Add set of workarounds (stable-fixes).
- drm/xe: Adjust mmio code to pass VF substructure to SRIOV code
(stable-fixes).
- drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes).
- drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes).
- drm/xe: Populate GT's mmio iomap from tile during init
(stable-fixes).
- drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio'
(stable-fixes).
- drm/xe: Clarify size of MMIO region (stable-fixes).
- drm/xe: Create dedicated xe_mmio structure (stable-fixes).
- drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes).
- commit 2244462
- pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong
adb400 reset (git-fixes).
- commit 2918962
- ASoC: nau8821: Cancel pending work before suspend (git-fixes).
- ASoC: nau8821: Cancel delayed work on component remove
(git-fixes).
- commit b862c94
- spi: wpcm-fiu: Fix potential NULL pointer dereference in
wpcm_fiu_probe() (git-fixes).
- thermal: int340x: Fix sysfs group leak on DLVR registration
failure (stable-fixes).
- watchdog: imx7ulp_wdt: handle the nowayout option
(stable-fixes).
- wifi: ath10k: fix lock protection in
ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes).
- wifi: rtw89: pci: restore LDO setting after device resume
(stable-fixes).
- wifi: iwlwifi: mvm: check the validity of noa_len
(stable-fixes).
- wifi: ath12k: fix preferred hardware mode calculation
(stable-fixes).
- wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
(stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il4965_store_tx_power() (stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il3945_store_measurement() (stable-fixes).
- wifi: rtw89: wow: add reason codes for disassociation in WoWLAN
mode (stable-fixes).
- wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes).
- wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
(stable-fixes).
- wifi: rtw88: fix DTIM period handling when conf->dtim_period
is zero (stable-fixes).
- wifi: libertas: fix WARNING in usb_tx_block (stable-fixes).
- spi: spi-mem: Protect dirmap_create() with
spi_mem_access_start/end (stable-fixes).
- spi: spi-mem: Limit octal DTR constraints to octal DTR
situations (stable-fixes).
- spi: stm32: fix Overrun issue at < 8bpw (stable-fixes).
- spi-geni-qcom: initialize mode related registers to 0
(stable-fixes).
- spi-geni-qcom: use xfer->bits_per_word for can_dma()
(stable-fixes).
- tools/power cpupower: Reset errno before strtoull()
(stable-fixes).
- spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes).
- commit 9ae9cd6
- PCI: Add defines for bridge window indexing (stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 7f99d8e
- PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
(stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 8b1fafb
- media: dvb-net: fix OOB access in ULE extension header tables
(git-fixes).
- rtc: zynqmp: correct frequency value (stable-fixes).
- ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
(stable-fixes).
- ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
(stable-fixes).
- net: usb: catc: enable basic endpoint checking (git-fixes).
- phy: mvebu-cp110-utmi: fix dr_mode property read from dts
(stable-fixes).
- phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
(stable-fixes).
- soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded
of NUC15) (stable-fixes).
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (stable-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(stable-fixes).
- staging: rtl8723bs: fix memory leak on failure path
(stable-fixes).
- staging: rtl8723bs: fix missing status update on
sdio_alloc_irq() failure (stable-fixes).
- iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes).
- iio: Use IRQF_NO_THREAD (stable-fixes).
- Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay
to 5ms" (git-fixes).
- mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
(git-fixes).
- misc: bcm_vk: Fix possible null-pointer dereferences in
bcm_vk_read() (stable-fixes).
- misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
(stable-fixes).
- net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in
uhdlc_memclean() (git-fixes).
- nfc: nxp-nci: remove interrupt trigger type (stable-fixes).
- myri10ge: avoid uninitialized variable use (stable-fixes).
- net: usb: sr9700: remove code to drive nonexistent multicast
filter (stable-fixes).
- net: usb: r8152: fix transmit queue timeout (stable-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(stable-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes).
- PCI: Fix pci_slot_lock () device locking (stable-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(stable-fixes).
- media: rkisp1: Fix filter mode register configuration
(stable-fixes).
- media: cx25821: Fix a resource leak in cx25821_dev_setup()
(stable-fixes).
- media: pvrusb2: fix URB leak in pvr2_send_request_ex
(stable-fixes).
- media: solo6x10: Check for out of bounds chip_id (stable-fixes).
- media: adv7180: fix frame interval in progressive mode
(stable-fixes).
- media: amphion: Clear last_buffer_dequeued flag for
DEC_CMD_START (stable-fixes).
- media: omap3isp: isppreview: always clamp in
preview_try_format() (stable-fixes).
- media: omap3isp: set initial format (stable-fixes).
- media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
(stable-fixes).
- media: dvb-core: dmxdevfilter must always flush bufs
(stable-fixes).
- HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
(stable-fixes).
- HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes).
- HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
(stable-fixes).
- HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes).
- HID: magicmouse: Do not crash on missing msc->input
(stable-fixes).
- HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple
keyboards (stable-fixes).
- hwmon: (f71882fg) Add F81968 support (stable-fixes).
- hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes).
- gpio: aspeed-sgpio: Change the macro to support deferred probe
(stable-fixes).
- PCI/MSI: Unmap MSI-X region on error (stable-fixes).
- i3c: master: svc: Initialize 'dev' to NULL in
svc_i3c_master_ibi_isr() (stable-fixes).
- spi: wpcm-fiu: Fix uninitialized res (git-fixes).
- spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
(stable-fixes).
- PCI: Log bridge info when first enumerating bridge
(stable-fixes).
- PCI: Log bridge windows conditionally (stable-fixes).
- PCI: Supply bridge device, not secondary bus, to read window
details (stable-fixes).
- PCI: Move pci_read_bridge_windows() below individual window
accessors (stable-fixes).
- commit 291a680
- ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
(stable-fixes).
- drm/amdgpu: Add HAINAN clock adjustment (stable-fixes).
- drm/radeon: Add HAINAN clock adjustment (stable-fixes).
- drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amd/display: Avoid updating surface with the same surface
under MPO (stable-fixes).
- drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
(stable-fixes).
- dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes).
- dmaengine: sun6i: Choose appropriate burst length under maxburst
(stable-fixes).
- fpga: of-fpga-region: Fail if any bridge is missing
(stable-fixes).
- fix it87_wdt early reboot by reporting running timer
(stable-fixes).
- fbdev: ffb: fix corrupted video output on Sun FFB1
(stable-fixes).
- ata: libata: avoid long timeouts on hot-unplugged SATA DAS
(stable-fixes).
- Bluetooth: btusb: Add device ID for Realtek RTL8761BU
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes).
- Bluetooth: hci_conn: Set link_policy on incoming ACL connections
(stable-fixes).
- Bluetooth: hci_conn: use mod_delayed_work for active mode
timeout (stable-fixes).
- drm/atmel-hlcdc: don't reject the commit if the src rect has
fractional parts (stable-fixes).
- drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after
release (stable-fixes).
- drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state
callback (stable-fixes).
- drm: Account property blob allocations to memcg (stable-fixes).
- drm/amdkfd: Fix GART PTE for non-4K pagesize in
svm_migrate_gart_map() (stable-fixes).
- drm/amdgpu: avoid a warning in timedout job handler
(stable-fixes).
- drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes).
- drm/v3d: Set DMA segment size to avoid debug warnings
(stable-fixes).
- drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
(stable-fixes).
- drm/display/dp_mst: Add protection against 0 vcpi
(stable-fixes).
- ASoC: codecs: max98390: Check return value of
devm_gpiod_get_optional() in max98390_i2c_probe()
(stable-fixes).
- ASoC: sunxi: sun50i-dmic: Add missing check for
devm_regmap_init_mmio (stable-fixes).
- ASoC: wm8962: Don't report a microphone if it's shorted to
ground on plug (stable-fixes).
- ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
(stable-fixes).
- ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes).
- docs: fix WARNING document not included in any toctree
(stable-fixes).
- drm/amdkfd: fix debug watchpoints for logical devices
(stable-fixes).
- commit 0c8127e
- ASoC: nau8821: Consistently clear interrupts before unmasking
(git-fixes).
- Refresh
patches.suse/ASoC-nau8821-Add-DMI-quirk-to-bypass-jack-debounce-c.patch.
- commit abf4286
- ALSA: usb-audio: Add sanity check for OOB writes at silencing
(stable-fixes).
- ALSA: usb-audio: Update the number of packets properly at
receiving (stable-fixes).
- ALSA: usb-audio: Add iface reset and delay quirk for AB13X
USB Audio (stable-fixes).
- ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie
15X Pro (stable-fixes).
- APEI/GHES: ensure that won't go past CPER allocated record
(stable-fixes).
- ACPI: processor: Fix NULL-pointer dereference in
acpi_processor_errata_piix4() (stable-fixes).
- ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
(stable-fixes).
- ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
(stable-fixes).
- commit d3af28a
- spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes)
- commit 9802dbf
- spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes)
- commit 64847d6
- spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes)
- commit bd7c7ca
- arm64: Disable branch profiling for all arm64 code (git-fixes)
- commit 1953e74
- arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes)
- commit c0727ca
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (git-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(git-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(git-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(git-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes).
- PCI: Fix pci_slot_lock () device locking (git-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(git-fixes).
- PCI/MSI: Unmap MSI-X region on error (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes).
- commit e99138a
- mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
(CVE-2026-23169 bsc#1258389).
- commit fdf82e1
- net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154
bsc#1258286).
- commit fa03082
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit bd83957
- vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069).
- Refresh
patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch.
- commit aab63d9
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() helper which is required.
- commit 926e136
- cifs: add xid to query server interface call (git-fixes).
- Refresh
patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch
(bsc#1258928,bsc#1259070).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-add-xid-to-query-server-interface-call.patch.
- commit e67e831
- iommu/mediatek: fix use-after-free on probe deferral
(CVE-2025-71071 bsc#1256802).
- commit 0b777d9
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 9bb0920
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit ccf2d31
- io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
(CVE-2026-23113 bsc#1258278).
- commit 2e91927
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 1c35b41
- nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
(CVE-2026-23179 bsc#1258394).
- commit 63de389
- btrfs: don't log conflicting inode if it's a dir moved in the
current transaction (bsc#1256683 CVE-2025-68778).
- commit 0cd8ff8
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit e38d2c3
- landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698).
- commit cdf3815
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- commit 5db1b51
- pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask
for 8mq vpu (CVE-2026-23116 bsc#1258277).
- commit 1905ad8
- Add bugnumber to existing mana change (bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- commit 425b20d
- Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- commit 175e6eb
- nvme-fc: release admin tagset if init fails (git-fixes).
- nvme-pci: disable secondary temp for Wodposit WPBSNM8
(git-fixes).
- nvme-fc: don't hold rport lock when putting ctrl (git-fixes).
- commit d0ac38c
- bonding: fix use-after-free due to enslave fail after slave
array update (CVE-2026-23171 bsc#1258349).
- bonding: provide a net pointer to __skb_flow_dissect()
(CVE-2026-23119 bsc#1258273).
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- net: bonding: update the slave array for broadcast mode
(CVE-2026-23171 bsc#1258349).
- commit d461cd4
- Update
patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch
(stable-fixes CVE-2026-23157 bsc#1258376).
- Update
patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch
(bsc#1257473 CVE-2026-23054 bsc#1257732).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-handler.patch
(bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_combined.patch
(bsc#1257952 CVE-2026-23202 bsc#1258338).
- commit 9f4fee7
- Update
patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch
(git-fixes CVE-2026-23128 bsc#1258298).
- Update
patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch
(bsc#1257279 CVE-2026-22989).
- Update
patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch
(git-fixes CVE-2026-23065 bsc#1257742).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch
(git-fixes CVE-2026-23062 bsc#1257734).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch
(git-fixes CVE-2026-23131 bsc#1258297).
- Update
patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch
(git-fixes CVE-2026-23038 bsc#1257553).
- commit b60a065
- Update
patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch
(git-fixes CVE-2025-71192 bsc#1257679).
- Update
patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch
(stable-fixes CVE-2026-23076 bsc#1257788).
- Update
patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch
(git-fixes CVE-2026-23078 bsc#1257789).
- Update
patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch
(git-fixes CVE-2026-23190 bsc#1258397).
- Update
patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch
(git-fixes CVE-2026-23151 bsc#1258237).
- Update
patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch
(git-fixes CVE-2026-23146 bsc#1258234).
- Update
patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch
(stable-fixes CVE-2026-23178 bsc#1258358).
- Update
patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch
(git-fixes CVE-2026-23221 bsc#1258660).
- Update
patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch
(git-fixes CVE-2026-23058 bsc#1257739).
- Update
patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch
(git-fixes CVE-2026-23037 bsc#1257554).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch
(git-fixes CVE-2026-23155 bsc#1258313).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch
(git-fixes CVE-2026-23082 bsc#1257715).
- Update
patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch
(stable-fixes CVE-2025-71182 bsc#1257586).
- Update
patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch
(git-fixes CVE-2026-23061 bsc#1257776).
- Update
patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23080 bsc#1257714).
- Update
patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23108 bsc#1257770).
- Update
patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch
(git-fixes CVE-2025-71231 bsc#1258424).
- Update
patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch
(git-fixes CVE-2026-23222 bsc#1258484).
- Update
patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch
(git-fixes CVE-2026-23229 bsc#1258429).
- Update
patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch
(git-fixes CVE-2025-71191 bsc#1257579).
- Update
patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch
(git-fixes CVE-2025-71190 bsc#1257580).
- Update
patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch
(git-fixes CVE-2025-71189 bsc#1257573).
- Update
patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch
(git-fixes CVE-2025-71188 bsc#1257576).
- Update
patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch
(git-fixes CVE-2026-23033 bsc#1257570).
- Update
patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch
(git-fixes CVE-2026-23026 bsc#1257562).
- Update
patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch
(git-fixes CVE-2025-71185 bsc#1257560).
- Update
patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch
(git-fixes CVE-2025-71195 bsc#1257704).
- Update patches.suse/dpll-Prevent-duplicate-registrations.patch
(git-fixes CVE-2026-23129 bsc#1258299).
- Update
patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch
(git-fixes CVE-2026-23163 bsc#1258544).
- Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch
(git-fixes CVE-2026-23170 bsc#1258379).
- Update
patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch
(git-fixes CVE-2026-23049 bsc#1257723).
- Update
patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch
(git-fixes CVE-2026-23156 bsc#1258317).
- Update
patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch
(git-fixes CVE-2026-23145 bsc#1258326).
- Update
patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch
(git-fixes CVE-2025-71199 bsc#1257750).
- Update
patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch
(git-fixes CVE-2025-71198 bsc#1257741).
- Update
patches.suse/intel_th-fix-device-leak-on-output-open.patch
(git-fixes CVE-2026-23091 bsc#1257813).
- Update
patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch
(git-fixes CVE-2026-23101 bsc#1257768).
- Update
patches.suse/mISDN-annotate-data-race-around-dev-work.patch
(git-fixes CVE-2026-23121 bsc#1258309).
- Update
patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch
(git-fixes CVE-2025-71200 bsc#1258222).
- Update
patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch
(git-fixes CVE-2026-23021 bsc#1257557).
- Update
patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch
(git-fixes CVE-2026-23172 bsc#1258519).
- Update
patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch
(git-fixes CVE-2026-23150 bsc#1258354).
- Update
patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch
(git-fixes CVE-2026-23167 bsc#1258374).
- Update
patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch
(git-fixes CVE-2025-71196 bsc#1257716).
- Update
patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch
(git-fixes CVE-2026-23176 bsc#1258256).
- Update
patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch
(git-fixes CVE-2026-23071 bsc#1257706).
- Update
patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch
(bsc#1256863 CVE-2025-71235 bsc#1258469).
- Update
patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch
(bsc#1256863 CVE-2025-71232 bsc#1258422).
- Update
patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch
(bsc#1256863 CVE-2025-71236 bsc#1258442).
- Update
patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch
(git-fixes CVE-2026-23090 bsc#1257759).
- Update
patches.suse/spi-spi-sprd-adi-Fix-double-free-in-probe-error-path.patch
(git-fixes CVE-2026-23068 bsc#1257805).
- Update
patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch
(git-fixes CVE-2026-23182 bsc#1258259).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch
(git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch
(git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338).
- Update
patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch
(git-fixes CVE-2026-23063 bsc#1257722).
- Update
patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch
(git-fixes CVE-2026-23096 bsc#1257809).
- Update
patches.suse/uacce-fix-isolate-sysfs-check-condition.patch
(git-fixes CVE-2026-23094 bsc#1257811).
- Update
patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch
(git-fixes CVE-2026-23056 bsc#1257729).
- Update
patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch
(git-fixes CVE-2025-71197 bsc#1257743).
- Update
patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23133 bsc#1258249).
- Update
patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23135 bsc#1258245).
- Update
patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch
(git-fixes CVE-2026-23152 bsc#1258252).
- Update
patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch
(stable-fixes CVE-2025-71224 bsc#1258824).
- Update
patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch
(git-fixes CVE-2026-23073 bsc#1257707).
- Update
patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch
(git-fixes CVE-2025-71234 bsc#1258419).
- Update
patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch
(git-fixes CVE-2025-71229 bsc#1258415).
- Update
patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch
(stable-fixes CVE-2025-71222 bsc#1258279).
- commit 30080c1
- drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
- commit 7b00832
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit 2028384
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 821259f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit 1325cd1
- ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
(CVE-2026-23166 bsc#1258272).
- net/mlx5e: TC, delete flows only for existing peers
(CVE-2026-23173 bsc#1258520).
- commit 1315a36
- device property: Allow secondary lookup in
fwnode_get_next_child_node() (git-fixes).
- commit 13b0bcb
- drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user
(stable-fixes).
- commit 954a53a
- drm/amd: Disable MES LR compute W/A (git-fixes).
- drm/amdgpu: Fix locking bugs in error paths (git-fixes).
- drm/amdgpu: Unlock a mutex before destroying it (git-fixes).
- drm/xe/sync: Cleanup partially initialized sync on parse failure
(git-fixes).
- commit 8b90e65
- ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB
Audio 2.0 (stable-fixes).
- ALSA: usb-audio: Check max frame size for implicit feedback
mode, too (stable-fixes).
- commit 94dd673
- PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes).
- mmc: mmci: Fix device_node reference leak in
of_get_dml_pipe_index() (git-fixes).
- ALSA: usb-audio: Use correct version for UAC3 header validation
(git-fixes).
- ALSA: usb-audio: Use inclusive terms (git-fixes).
- ALSA: usb-audio: Cap the packet size pre-calculations
(git-fixes).
- ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite
devices (git-fixes).
- drm/bridge: samsung-dsim: Fix memory leak in error path
(git-fixes).
- drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used
(git-fixes).
- drm/logicvc: Fix device node reference leak in
logicvc_drm_config_parse() (git-fixes).
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (git-fixes).
- drm/vmwgfx: Fix invalid kref_put callback in
vmw_bo_dirty_release (git-fixes).
- commit b1fa310
- scsi: core: Wake up the error handler when final completions
race against each other (CVE-2026-23110 bsc#1257761).
- commit 59f5efa
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 3cd007f
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 5bf422c
- netfilter: nf_conncount: update last_gc only when GC has been
performed (CVE-2026-23139 bsc#1258304).
- commit 9a70b26
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181).
- commit 56db8af
- Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU
is too short (git-fixes).
- commit f391178
- ipmi: ipmb: initialise event handler read bytes (git-fixes).
- wifi: mac80211: fix NULL pointer dereference in
mesh_rx_csa_frame() (git-fixes).
- wifi: mac80211: bounds-check link_id in
ieee80211_ml_reconfiguration (git-fixes).
- wifi: radiotap: reject radiotap with unknown bits (git-fixes).
- wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
(git-fixes).
- wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes).
- net: usb: kaweth: validate USB endpoints (git-fixes).
- net: usb: kalmia: validate USB endpoints (git-fixes).
- nfc: pn533: properly drop the usb interface reference on
disconnect (git-fixes).
- Bluetooth: L2CAP: Fix missing key size check for
L2CAP_LE_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix not checking output MTU is acceptable
on L2CAP_ECRED_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes).
- Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
(git-fixes).
- net: usb: pegasus: enable basic endpoint checking (git-fixes).
- net: wan: farsync: Fix use-after-free bugs caused by unfinished
tasklets (git-fixes).
- net: usb: lan78xx: scan all MDIO addresses on LAN7801
(git-fixes).
- net: usb: kaweth: remove TX queue manipulation in
kaweth_set_rx_mode (git-fixes).
- commit d2c7de0
- Revert "bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860)."
This reverts commit 45e79fa43bd459d00fcbd8572c0235c97ead4eac.
- commit 5c2ddac
- Revert "bpf: selftests: test_tunnel: Setup fresh topology for each"
This reverts commit 68c386807298a24f9aaa6abc773ca2e55811d8b6.
- commit ca269d7
- Revert "bpf: selftests: test_tunnel: Use vmlinux.h declarations"
This reverts commit b101cc06246d1d56fdccbf3b52a3e33d3ab78fcd.
- commit 639f9af
- Revert "bpf: selftests: Move xfrm tunnel test to test_progs"
This reverts commit baa465cbeff2a2ccfc187f1574d3d0355859f272.
- commit a6bd63d
- Revert "bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()"
This reverts commit 403fe191fe7429208c4374563e8fc715d173c238.
- commit 39fadc8
- Revert "selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860)."
This reverts commit 89e2c21a144bfef03d958aa8aba86be1de03c133.
- commit 5770b5a
- Revert "selftests/bpf: Use log_err in open_netns/close_netns"
This reverts commit 9e46239ec7083baf333a04a0a51b2129f7122e7a.
- commit 68fe369
- Revert "selftests/bpf: Use start_server_addr in test_sock_addr"
This reverts commit 1e47448bd1a58eeab1dd8308a33e87a13bfbc5fe.
- commit 9b790d3
- Revert "selftests/bpf: Use connect_to_addr in test_sock_addr"
This reverts commit 00365076b79bf8b793ffcbbe165fb923d3e076bd.
- commit cc69856
- Revert "selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860)."
This reverts commit 786d917527f8c57750479330c284ce9ede53e6e6.
- commit a0a2a9a
- Revert "selftests/bpf: test_tunnel: Add generic_attach* helpers"
This reverts commit d00f95407a6bf8c5e0fe175806995c6a8bba1683.
- commit 5760cd8
- Revert "selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860)."
This reverts commit 1525c5f10c0ca570c1e6e641af561065636f1356.
- commit bd8651e
- Revert "selftests/bpf: test_tunnel: Move gre tunnel test to test_progs"
This reverts commit 84e2ac063d854f26c493e4576f3154c31e7ef2bb.
- commit 3729eff
- Revert "selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs"
This reverts commit cea730b64379dd4265fc22c3a8dcfdbd6632a373.
- commit 773df48
- Revert "selftests/bpf: test_tunnel: Move erspan tunnel tests to"
This reverts commit 90ab03e0fed26cdd1ee6878c11beaa5641ed4ee1.
- commit 391cff5
- Revert "selftests/bpf: test_tunnel: Move ip6erspan tunnel test to"
This reverts commit 9d0a9339e46eb2c68faa309c432df999a044ff8a.
- commit b3ce611
- Revert "selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs"
This reverts commit cff739edc102c0cf0e6bf0be504c669e73ca82b6.
- commit 447b0a9
- Revert "selftests/bpf: test_tunnel: Move ip6geneve tunnel test to"
This reverts commit 168675720cca9f6bfbf6b34c72da4b14ac8ecc3e.
- commit 990a5e1
- Revert "selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to"
This reverts commit 26f094635338982e7cf328585ba0e3b174e0e237.
- commit a0926bf
- Revert "selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860)."
This reverts commit 542a820e6c16a29a38de43382592291155a85b37.
- commit 1168a2b
- Revert "selftests/bpf: Add tc helpers (bsc#1258860)."
This reverts commit a635f692532a997ddc4668475305776129f1a250.
- commit 033e435
- Revert "selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big"
This reverts commit e252cc0f9b00a28f8103ec74a25d1ede910e6493.
- commit 3337410
- Revert "selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs"
This reverts commit 900bd3fb0f6ad0d835060091065f93b8b2f4210b.
- commit 959a197
- Revert "selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860)."
This reverts commit 96504e8a2651dca694614c965eb984216c94f994.
- commit e629708
- Revert "selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860)."
This reverts commit 83fdb5c0e6bca17ff1eb8cf9bacdfd20b9046a81.
- commit ba86619
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 2e0cb69
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(CVE-2026-23213 bsc#1258465).
- commit bec3979
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(CVE-2026-23213 bsc#1258465).
- commit 3b81ead
- ice: Fix PTP NULL pointer dereference during VSI rebuild
(CVE-2026-23210 bsc#1258517).
- commit 2aa5940
- media: dvb-core: fix wrong reinitialization of ringbuffer on
reopen (git-fixes).
- commit ba51966
- NFS: Fix a deadlock involving nfs_release_folio()
(CVE-2026-23053 bsc#1257718).
- commit 492ba43
- selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860).
- selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860).
- selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs
(bsc#1258860).
- selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big
endian platforms (bsc#1258860).
- selftests/bpf: Add tc helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6geneve tunnel test to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6erspan tunnel test to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move erspan tunnel tests to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Move gre tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Add generic_attach* helpers
(bsc#1258860).
- selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860).
- selftests/bpf: Use connect_to_addr in test_sock_addr
(bsc#1258860).
- selftests/bpf: Use start_server_addr in test_sock_addr
(bsc#1258860).
- selftests/bpf: Use log_err in open_netns/close_netns
(bsc#1258860).
- selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860).
- bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()
(bsc#1258860).
- bpf: selftests: Move xfrm tunnel test to test_progs
(bsc#1258860).
- bpf: selftests: test_tunnel: Use vmlinux.h declarations
(bsc#1258860).
- bpf: selftests: test_tunnel: Setup fresh topology for each
subtest (bsc#1258860).
- bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860).
- commit 83fdb5c
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit e973f50
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing
memslot (CVE-2025-68810 bsc#1256679).
- commit a9c2c12
- md: suspend array while updating raid_disks via sysfs
(CVE-2025-71225, bsc#1258411).
- commit 22f1953
- nfsd: use correct loop termination in nfsd4_revoke_states()
(git-fixes).
- Refresh
patches.suse/nfsd-allow-delegation-state-ids-to-be-revoked-and-th.patch.
- Refresh
patches.suse/nfsd-allow-lock-state-ids-to-be-revoked-and-then-fre.patch.
- Refresh
patches.suse/nfsd-allow-open-state-ids-to-be-revoked-and-then-fre.patch.
- commit fb809d5
- nfsd: check that server is running in unlock_filesystem
(bsc#1257279).
- commit 82fa4f8
- Refresh
patches.suse/nfsd-prepare-for-supporting-admin-revocation-of-stat.patch.
- commit aa19d66
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 069aa1f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit f42de87
- cpufreq/amd-pstate: Add missing NULL ptr check in
amd_pstate_update (bsc#1247180).
- commit c78e422
- cpufreq/amd-pstate: Add the missing cpufreq_cpu_put()
(bsc#1247180).
- commit d5dd703
- config.conf: add kernel-azure as additonal flavor (bsc#1258037)
The content is based on commit b5b375e749d.
This makes kernel-source-azure and kernel-syms-azure obsolete.
- commit 64f6ce8
- Move upstreamed mm and SCSI patches into sorted section
- commit 2b576e9
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only
(bsc#1258464 CVE-2026-23214).
- commit c375a48
- net: fix memory leak in skb_segment_list for GRO packets
(CVE-2026-22979 bsc#1257228).
- commit 59160d7
- block,bfq: fix aux stat accumulation destination (git-fixes).
- commit 8a3658b
- rpm/check-for-config-changes: add OPENSSL_SUPPORTS_ to IGNORED_CONFIGS_RE
Config option OPENSSL_SUPPORTS_ML_DSA was introduced by mainline commit
0ad9a71933e7 ("modsign: Enable ML-DSA module signing") in 7.0-rc1
- commit 21b4616
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit eaf1535
- bonding: only set speed/duplex to unknown, if getting speed
failed (bsc#1253691).
- commit 0b66a07
- rtc: interface: Alarm race handling should not discard preceding
error (git-fixes).
- commit f96272c
- NTB: ntb_transport: Fix too small buffer for debugfs_name
(git-fixes).
- commit 269c576
- drm/amd/display: Fix out-of-bounds stream encoder index v3
(git-fixes).
- drm/amd/display: Reject cursor plane on DCE when scaled
differently than primary (git-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amdgpu: Use kvfree instead of kfree in
amdgpu_gmc_get_nps_memranges() (git-fixes).
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(git-fixes).
- commit 864dc69
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 895c473
- ASoC: rockchip: i2s-tdm: Use param rate if not provided by
set_sysclk (git-fixes).
- drm/amd/display: Use same max plane scaling limits for all 64
bpp formats (git-fixes).
- drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
(git-fixes).
- drm/i915/acpi: free _DSM package when no connectors (git-fixes).
- drm/amd: Fix hang on amdgpu unload by using
pci_dev_is_disconnected() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
(git-fixes).
- efi: Fix reservation of unaccepted memory table (git-fixes).
- commit 2183b13
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for
reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- cpufreq/amd-pstate: store all values in cpudata struct in khz
(bsc#1247180).
- commit 6cd4814
- net: usb: catc: enable basic endpoint checking (git-fixes).
- ASoC: cs42l43: Correct handling of 3-pole jack load detection
(stable-fixes).
- drm/amd/display: remove assert around dpp_base replacement
(stable-fixes).
- drm/amd/display: extend delta clamping logic to CM3 LUT helper
(stable-fixes).
- commit c79d431
- net: nfc: nci: Fix parameter validation for packet data
(git-fixes).
- atm: fore200e: fix use-after-free in tasklets during device
removal (git-fixes).
- USB: serial: option: add Telit FN920C04 RNDIS compositions
(stable-fixes).
- fbdev: smscufx: properly copy ioctl memory to kernelspace
(stable-fixes).
- bus: fsl-mc: fix use-after-free in driver_override_show()
(git-fixes).
- ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes).
- ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9
(stable-fixes).
- platform/x86: classmate-laptop: Add missing NULL pointer checks
(stable-fixes).
- platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro
(stable-fixes).
- platform/x86: panasonic-laptop: Fix sysfs group leak in error
path (stable-fixes).
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock
(stable-fixes).
- drm/tegra: hdmi: sor: Fix error: variable ājā set but not
used (stable-fixes).
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in
sysfs show functions (stable-fixes).
- commit 436dcdb
- config.conf: Drop armv7hl builds
commit 09ee386c4ae dropped support for armv7hl
in SLE15-SP7, SUSE-2024 never supported it,
therefore, no branch downstream of fixes/linux-6.4
supports this arch (bsc#1255265).
- commit 5dc5aaf
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 114f0d2
- ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online
CPUs (git-fixes).
- ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
(git-fixes).
- powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version
check (git-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments
(git-fixes).
- commit 700df2d
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit f8259ad
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit e8190a1
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit 2a01723
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes).
- commit 8d92bbb
- dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
(git-fixes).
- usb: dwc2: fix resume failure if dr_mode is host (git-fixes).
- usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
(git-fixes).
- usb: bdc: fix sleep during atomic (git-fixes).
- serial: SH_SCI: improve "DMA support" prompt (git-fixes).
- serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes).
- staging: rtl8723bs: fix null dereference in find_network
(git-fixes).
- iio: sca3000: Fix a resource leak in sca3000_probe()
(git-fixes).
- iio: gyro: itg3200: Fix unchecked return value in read_raw
(git-fixes).
- drivers: iio: mpu3050: use dev_err_probe for regulator request
(git-fixes).
- fpga: dfl: use subsys_initcall to allow built-in drivers to
be added (git-fixes).
- commit e89b2ea
- s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253644).
- commit 647b0eb
- idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023
bsc#1257556).
- commit 1342616
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit 27fe347
- s390/cio: Update purge function to unregister the unused
subchannels (bsc#1254214).
- commit f8efca2
- leds: qcom-lpg: Check the return value of regmap_bulk_write()
(git-fixes).
- backlight: qcom-wled: Change PM8950 WLED configurations
(git-fixes).
- backlight: qcom-wled: Support ovp values for PMI8994
(git-fixes).
- mfd: arizona: Fix regulator resource leak on
wm5102_clear_write_sequencer() failure (git-fixes).
- mfd: core: Add locking around 'mfd_of_node_list' (git-fixes).
- mfd: tps6105x: Fix kernel-doc warnings relating to the core
struct and tps6105x_mode (git-fixes).
- Revert "mfd: da9052-spi: Change read-mask to write-mask"
(stable-fixes).
- pinctrl: single: fix refcount leak in pcs_add_gpio_func()
(git-fixes).
- pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
(git-fixes).
- pinctrl: equilibrium: Fix device node reference leak in
pinbank_init() (git-fixes).
- Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB
(stable-fixes).
- commit 516fe60
- cpufreq/amd-pstate: Fix the clamping of perf values
(bsc#1247180).
- commit 1c51466
- cpufreq/amd-pstate: Modularize perf<->freq conversion
(bsc#1247180).
- commit b734845
- cpufreq/amd-pstate: Refactor max frequency calculation
(bsc#1247180).
- commit 3f6ce63
- cpufreq/amd-pstate: fix setting policy current frequency value
(bsc#1247180).
- refresh: patches.suse/cpufreq-amd-pstate-add-check-for-cpufreq_cpu_get-s-return-value.patch
- commit 1ceeaef
- cpufreq: amd-pstate: Unify computation of
{max,min,nominal,lowest_nonlinear}_freq (bsc#1247180).
- commit e72d986
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153 bsc#1258226)
- commit a1168ae
- Input: stmfts - make comments correct (git-fixes).
- Input: stmfts - correct wording for the warning message
(git-fixes).
- clk: qcom: gfx3d: add parent to parent request map (git-fixes).
- clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
(git-fixes).
- clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: rcg2: compute 2d using duty fraction directly
(git-fixes).
- clk: mediatek: Fix error handling in runtime PM setup
(git-fixes).
- clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes).
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
(git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak in
tegra124_clk_register_emc() (git-fixes).
- clk: tegra: tegra124-emc: fix device leak on set_rate()
(git-fixes).
- clk: clk-apple-nco: Add "apple,t8103-nco" compatible
(git-fixes).
- clk: renesas: rzg2l: Select correct div round macro (git-fixes).
- clk: renesas: rzg2l: Fix intin variable size (git-fixes).
- fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
(git-fixes).
- fbdev: of: display_timing: fix refcount leak in
of_get_display_timings() (git-fixes).
- fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes).
- fbcon: check return value of con2fb_acquire_newinfo()
(git-fixes).
- fbdev: rivafb: fix divide error in nv3_arb() (git-fixes).
- rpmsg: core: fix race in driver_override_show() and use core
helper (git-fixes).
- commit b135afb
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- commit 2fe2c66
- platform/x86: ISST: Add missing write block check (git-fixes).
- commit 0d05e52
- crypto: ccp - Add an S4 restore flow (git-fixes).
- tools/power/x86/intel-speed-select: Fix file descriptor leak
in isolate_cpus() (git-fixes).
- mtd: rawnand: pl353: Fix software ECC support (git-fixes).
- mtd: spinand: Fix kernel doc (git-fixes).
- mtd: rawnand: cadence: Fix return type of CDMA send-and-wait
helper (git-fixes).
- mtd: parsers: ofpart: fix OF node refcount leak in
parse_fixed_partitions() (git-fixes).
- mtd: parsers: Fix memory leak in
mtd_parser_tplink_safeloader_parse() (git-fixes).
- commit 766aa67
- ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763).
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
(CVE-2026-23035 bsc#1257559).
- idpf: fix error handling in the init_task on load
(CVE-2026-23017 bsc#1257552).
- commit fb93c36
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
(git-fixes).
- power: supply: wm97xx: Fix NULL pointer dereference in
power_supply_changed() (git-fixes).
- power: supply: bq27xxx: fix wrong errno when bus ops are
unsupported (git-fixes).
- power: reset: nvmem-reboot-mode: respect cell size for
nvmem_cell_write (git-fixes).
- power: supply: sbs-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: rt9455: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: goldfish: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: cpcap-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq25980: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq256xx: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: act8945a: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: ab8500: Fix use-after-free in
power_supply_changed() (git-fixes).
- ata: pata_ftide010: Fix some DMA timings (git-fixes).
- rapidio: replace rio_free_net() with kfree() in
rio_scan_alloc_net() (git-fixes).
- commit 46137a2
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 75a3dd5
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit a17643b
- Update upstreamed net and powerpc patch references and sorting
- commit 638a424
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit 1d88ad6
- vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057).
- commit 09262b6
- drm/xe: Unregister drm device on probe error (git-fixes).
- drm/msm/dpu: drop intr_start from DPU 3.x catalog files
(git-fixes).
- drm/msm/disp: set num_planes to 1 for interleaved YUV formats
(git-fixes).
- drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes).
- drm/msm/dpu: Set vsync source irrespective of mdp top support
(git-fixes).
- drm/bridge: anx7625: Fix invalid EDID size (git-fixes).
- drm/amdkfd: Fix signal_eviction_fence() bool return value
(git-fixes).
- drm/amd: Drop "amdgpu kernel modesetting enabled" message
(git-fixes).
- drm/panthor: Evict groups before VM termination (git-fixes).
- drm/panel: sw43408: Remove manual invocation of unprepare at
remove (git-fixes).
- drm/panthor: Make sure we resume the tick when new jobs are
submitted (git-fixes).
- drm/panthor: Fix the logic that decides when to stop ticking
(git-fixes).
- drm/panthor: Fix immediate ticking on a disabled tick
(git-fixes).
- drm/panthor: Fix the group priority rotation logic (git-fixes).
- drm/panthor: Fix the full_tick check (git-fixes).
- drm/panthor: Recover from panthor_gpu_flush_caches() failures
(git-fixes).
- media: verisilicon: AV1: Fix tile info buffer size (git-fixes).
- media: ipu6: Fix RPM reference leak in probe error paths
(git-fixes).
- media: ipu6: Fix typo and wrong constant in ipu6-mmu.c
(git-fixes).
- media: ccs: Fix setting initial sub-device state (git-fixes).
- media: tegra-video: Fix memory leak in
__tegra_channel_try_format() (git-fixes).
- media: verisilicon: AV1: Set IDR flag for intra_only frame type
(git-fixes).
- media: amphion: Drop min_queued_buffers assignment (git-fixes).
- media: verisilicon: AV1: Fix tx mode bit setting (git-fixes).
- media: verisilicon: AV1: Fix enable cdef computation
(git-fixes).
- media: chips-media: wave5: Fix memory leak on codec_info
allocation failure (git-fixes).
- HID: intel-ish-hid: fix NULL-ptr-deref in
ishtp_bus_remove_all_clients (git-fixes).
- drm/xe/pm: Disable D3Cold for BMG only on specific platforms
(git-fixes).
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(stable-fixes).
- drm/xe/pm: Also avoid missing outer rpm warning on system
suspend (stable-fixes).
- commit bef2297
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit f5cd5c5
- wifi: ath10k: sdio: add missing lock protection in
ath10k_sdio_fw_crashed_dump() (git-fixes).
- wifi: ath9k: fix kernel-doc warnings in common-debug.h
(git-fixes).
- wifi: ath9k: debug.h: fix kernel-doc bad lines and struct
ath_tx_stats (git-fixes).
- wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes).
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
(git-fixes).
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
(git-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh
(git-fixes).
- soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
(git-fixes).
- soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in
cmd_db_dev_probe (git-fixes).
- soc: qcom: smem: handle ENOMEM error during probe (git-fixes).
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt
twice (stable-fixes).
- wifi: mac80211: correctly check if CSA is active (stable-fixes).
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates
(stable-fixes).
- wifi: mac80211: collect station statistics earlier when
disconnect (stable-fixes).
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(stable-fixes).
- wifi: wlcore: ensure skb headroom before skb_push
(stable-fixes).
- commit 7dd6fbf
- PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
(git-fixes).
- PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
(git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI/portdrv: Fix potential resource leak (git-fixes).
- PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes).
- PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page()
fails (git-fixes).
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(git-fixes).
- Revert "PCI/IOV: Add PCI rescan-remove locking when
enabling/disabling SR-IOV" (git-fixes).
- PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes).
- PCI: Initialize RCB from pci_configure_device() (git-fixes).
- PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
(git-fixes).
- regulator: core: move supply check earlier in
set_machine_constraints() (git-fixes).
- regulator: core: fix locking in regulator_resolve_supply()
error path (git-fixes).
- platform/chrome: cros_ec_lightbar: Fix response size
initialization (git-fixes).
- platform/chrome: cros_typec_switch: Don't touch struct
fwnode_handle::dev (git-fixes).
- soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
(git-fixes).
- soc: ti: k3-socinfo: Fix regmap leak on probe failure
(git-fixes).
- regmap: maple: free entry on mas_store_gfp() failure
(stable-fixes).
- commit 5d29d16
- nfc: hci: shdlc: Stop timers and work before freeing context
(git-fixes).
- PCI: Do not attempt to set ExtTag for VFs (git-fixes).
- PCI: endpoint: Fix swapped parameters in
pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes).
- media: uvcvideo: Fix allocation for small frame sizes
(git-fixes).
- media: venus: vdec: fix error state assignment for zero
bytesused (git-fixes).
- media: ccs: Accommodate C-PHY into the calculation (git-fixes).
- media: i2c: ov5647: use our own mutex for the ctrl lock
(git-fixes).
- media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
(git-fixes).
- media: i2c: ov5647: Sensor should report RAW color space
(git-fixes).
- media: i2c: ov5647: Correct minimum VBLANK value (git-fixes).
- media: i2c: ov5647: Correct pixel array offset (git-fixes).
- media: i2c: ov5647: Initialize subdev before controls
(git-fixes).
- media: ccs: Avoid possible division by zero (git-fixes).
- media: qcom: camss: vfe: Fix out-of-bounds access in
vfe_isr_reg_update() (git-fixes).
- media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
(git-fixes).
- media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
(git-fixes).
- media: cx25821: Add missing unmap in snd_cx25821_hw_params()
(git-fixes).
- media: cx23885: Add missing unmap in snd_cx23885_hw_params()
(git-fixes).
- media: cx88: Add missing unmap in snd_cx88_hw_params()
(git-fixes).
- net: usb: sr9700: support devices with virtual driver CD
(stable-fixes).
- commit b9e0ae7
- drm/msm/a2xx: fix pixel shader start on A225 (git-fixes).
- drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes).
- drm/buddy: Prevent BUG_ON by validating rounded allocation
(git-fixes).
- drm/tegra: dsi: fix device leak on probe (git-fixes).
- media: radio-keene: fix memory leak in error path (git-fixes).
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
(git-fixes).
- media: mtk-mdp: Fix error handling in probe function
(git-fixes).
- HID: hid-pl: handle probe errors (git-fixes).
- HID: playstation: Add missing check for input_ff_create_memless
(git-fixes).
- Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
(git-fixes).
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler
optimization induced race (git-fixes).
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30
(2d99:a101) (stable-fixes).
- HID: i2c-hid: fix potential buffer overflow in
i2c_hid_get_report() (stable-fixes).
- HID: quirks: Add another Chicony HP 5MP Cameras to
hid_ignore_list (stable-fixes).
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
(stable-fixes).
- HID: intel-ish-hid: Reset enum_devices_done before enumeration
(stable-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device
ID table (stable-fixes).
- HID: playstation: Center initial joystick axes to prevent
spurious events (stable-fixes).
- commit a4d4518
- Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
(git-fixes).
- ASoC: amd: drop unused Kconfig symbols (git-fixes).
- ASoC: pxa: drop unused Kconfig symbol (git-fixes).
- ASoC: SOF: ipc4-control: Keep the payload size up to date
(git-fixes).
- ASoC: SOF: ipc4-control: Use the correct size for
scontrol->ipc_control_data (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the allocation size for
bytes controls (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes
update (git-fixes).
- bus: fsl-mc: fix an error handling in fsl_mc_device_add()
(git-fixes).
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
(stable-fixes).
- ASoC: tlv320adcx140: Propagate error codes during probe
(stable-fixes).
- ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes).
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
(stable-fixes).
- commit cd7803f
- ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
- commit 9d87a7d
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary
handler (git-fixes).
- platform/x86: int0002: Remove IRQF_ONESHOT from request_irq()
(git-fixes).
- genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes).
- crypto: hisilicon/trng - support tfms sharing the device
(git-fixes).
- crypto: hisilicon/zip - adjust the way to obtain the req in
the callback function (git-fixes).
- commit 6098b0f
- mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes).
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
correctly (git-fixes).
- crypto: virtio - Remove duplicated virtqueue_kick in
virtio_crypto_skcipher_crypt_req (git-fixes).
- crypto: virtio - Add spinlock protection with virtqueue
notification (git-fixes).
- crypto: hisilicon/sec2 - support skcipher/aead fallback for
hardware queue unavailable (git-fixes).
- crypto: octeontx - fix dma_free_coherent() size (git-fixes).
- crypto: cavium - fix dma_free_coherent() size (git-fixes).
- crypto: iaa - Fix out-of-bounds index in
find_empty_iaa_compression_mode (git-fixes).
- crypto: octeontx - Fix length check to avoid truncation in
ucode_load_store (git-fixes).
- crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes).
- crypto: qat - fix parameter order used in
ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes).
- Documentation: mailbox: mbox_chan_ops.flush() is optional
(git-fixes).
- commit ef8920f
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit e3370c0
- arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107)
- commit c430300
- arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102)
- commit 6759c0c
- arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772 CVE-2026-23102)
- commit 1baf93e
- Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070)
- commit 31e5415
- blacklist.conf: CVE-2025-68789 is invalid
- Delete
patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch.
- commit 4322f6e
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons
(bsc#1257942 bsc#1257246 CVE-2026-23003).
- commit 3935902
- vxlan: Pull inner IP header in vxlan_xmit_one() (bsc#1257942
bsc#1257246 CVE-2026-23003).
- commit 8097957
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature
(git-fixes).
- i3c: master: Update hot-join flag only on success (git-fixes).
- commit 854a137
- PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
(git-fixes).
- PM: wakeup: Handle empty list in wakeup_sources_walk_start()
(git-fixes).
- ACPICA: Fix NULL pointer dereference in
acpi_ev_address_space_dispatch() (git-fixes).
- tpm: st33zp24: Fix missing cleanup on get_burstcount() error
(git-fixes).
- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount()
failure (git-fixes).
- i3c: dw: Initialize spinlock to avoid upsetting lockdep
(git-fixes).
- i3c: Move device name assignment after i3c_bus_init (git-fixes).
- auxdisplay: arm-charlcd: fix release_mem_region() size
(git-fixes).
- commit b423671
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit c09ea34
- spi: tegra114: Preserve SPI mode bits in def_command1_reg
(git-fixes).
- spi: tegra: Fix a memory leak in tegra_slink_probe()
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer clearing in
tegra_qspi_non_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer in
tegra_qspi_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer assignment in
tegra_qspi_setup_transfer_one (git-fixes).
- spi: tegra210-quad: Move curr_xfer read inside spinlock
(git-fixes).
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already
processed transfer (git-fixes).
- commit 95b4070
- drm/amdgpu: stop unmapping MQD for kernel queues v3
(stable-fixes).
- drm/amdgpu: remove invalid usage of sched.ready (stable-fixes).
- commit b0da37b
- drm/xe/query: Fix topology query pointer advance (git-fixes).
- Revert "drm/nouveau/disp: Set
drm_mode_config_funcs.atomic_(check|commit)" (git-fixes).
- drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes).
- commit 7e1670f
- ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machine (stable-fixes).
- ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list
(stable-fixes).
- ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel
(stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound (stable-fixes).
- commit e53fbb8
- ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update()
(git-fixes).
- hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes).
- drm/amd/display: fix wrong color value mapping on MCM shaper
LUT (git-fixes).
- Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
(git-fixes).
- drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes).
- efivarfs: fix error propagation in efivar_entry_get()
(git-fixes).
- ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO
(stable-fixes).
- gpio: pca953x: mask interrupts in irq shutdown (stable-fixes).
- drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/soc21: fix xclk for APUs (stable-fixes).
- pinctrl: meson: mark the GPIO controller as sleeping
(git-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- commit 1cabea4
- net: openvswitch: fix middle attribute validation in push_nsh()
action (CVE-2025-68785 bsc#1256640).
- commit 3dbef50
- clocksource: Reduce watchdog readout delay limit to prevent
false positives (bsc#1241345).
- commit 6736e91
- clocksource: Print durations for sync check unconditionally
(bsc#1241345).
- commit 79738b2
- Revive thinkpad-lmi driver and mark as supported (jsc#PED-15553)
The driver is required for BIOS management on Lenovo machines.
- commit 9392d74
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & (git-fixes)
- commit ebcb744
- wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes).
- commit a467536
- iomap: account for unaligned end offsets when truncating read
range (git-fixes).
- blacklist.conf: Blacklist 40a71b53d5a6 and 524c3853831c
- commit 6f0c964
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
(git-fixes).
- commit c2e8303
- mptcp: avoid deadlock on fallback while reinjecting
(CVE-2025-71126 bsc#1256755).
- mptcp: reset fallback status gracefully at disconnect() time
(CVE-2025-71126 bsc#1256755).
- commit 3b7ecc1
- arm64: Set __nocfi on swsusp_arch_resume() (git-fixes)
- commit c10bf0c
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 2b67457
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 167d4d3
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR
(failed VMRUN) (git-fixes).
- commit aab4ed6
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested
VM-Exits (git-fixes).
- commit 25f6c77
- KVM: x86: Explicitly set new periodic hrtimer expiration in
apic_timer_fn() (git-fixes).
- commit a923270
- KVM: x86: WARN if hrtimer callback for periodic APIC timer
fires with period=0 (git-fixes).
- commit a7b9a1d
- KVM: x86: Don't clear async #PF queue when CR0.PG is disabled
(e.g. on #SMI) (git-fixes).
- commit 0e3d0ad
- platform/x86: hp-bioscfg: Skip empty attribute names
(git-fixes).
- commit 6fb112e
- platform/x86: intel_telemetry: Fix PSS event register mask
(git-fixes).
- platform/x86: intel_telemetry: Fix swapped arrays in PSS output
(git-fixes).
- platform/x86: toshiba_haps: Fix memory leaks in add/remove
routines (git-fixes).
- commit 41b7ff7
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
(git-fixes).
- commit b2c29ef
- avahi
-
- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
- util-linux
-
- Recognize fuse "portal" as a virtual file system (boo#1234736,
util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR
gap is missing (boo#1222465,
util-linux-libfdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-2.patch,
util-linux-libfdisk-ebr-missing-gap-2.patch,
util-linux-tests-fdisk-ebr-missing-gap-3.patch).
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- libcap
-
- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- ncurses
-
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
* Backport from ncurses-6.5-20251213.patch
- nfs-utils
-
- Fix access checks when mounting subdirectories in NFSv3
(CVE-2025-12801 bsc#1259204)
- add Fix-access-checks-when-mounting-subdirectories-in-NFSv3.patch
- add NFS-export-symlink-vulnerability-fix.patch
- add configure-check-for-rpc_gss_seccreate.patch
- add mountd-Minor-refactor-of-get_rootfh.patch
- add mountd-Separate-lookup-of-the-exported-directory-and-the-m.patch
- add support-Add-a-mini-library-to-extract-and-apply-RPC-creden.patch
- Split legacy libnfsidmap0 into a separate spec file (bsc#1246505)
- nghttp2
-
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- openssl-1_1
-
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- openssl-3
-
- Enable MD2 in legacy provider (jsc#PED-15724)
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* NULL pointer dereference when processing an OCSP response
(bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch openssl-CVE-2026-28388-tests.patch
openssl-CVE-2026-28389.patch openssl-CVE-2026-31789.patch
openssl-CVE-2026-31790.patch openssl-CVE-2026-31790-tests.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- libpng16
-
- added patches
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
* libpng16-CVE-2026-33416-1.patch
* libpng16-CVE-2026-33416-2.patch
* libpng16-CVE-2026-33416-3.patch
* libpng16-CVE-2026-33416-4.patch
CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755)
* libpng16-CVE-2026-33636.patch
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- libssh
-
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377)
Added libssh-CVE-2026-3731.patch
- systemd
-
- Import commit c89ea566d98c8e3fb29a5b8edd4576b135b4bc92
a943e3ce2f machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
71593f77db udev: fix review mixup
73a89810b4 udev-builtin-net-id: print cescaped bad attributes
0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
40905232e2 udev: ensure tag parsing stays within bounds
7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
d018ac1ea3 udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- Import commit 626ffc7844795870235d15c6daab695f2d53a11e
aef6e11921 core/cgroup: avoid one unnecessary strjoina()
cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
26a748f727 core: validate input cgroup path more prudently (CVE-2026-29111 bsc#1259418)
99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- tpm2-0-tss
-
- add Requires to libtss2-fapi to pull in the tss user (bsc#1258720).
Otherwise, when installing libtss2-fapi on its own, errors from
systemd-tmpfiles can appear.
- mdadm
-
- Update to version 4.4+40.g243a5d9f:
* avoid mdcheck_continue.timer and mdcheck_start.timer
firing simultaneously (bsc#1243443, bsc#1259090)
- sudo
-
- CVE-2026-35535: potential privilege escalation when running
the mailer (bsc#1261420)
* fix-CVE-2026-35535.patch
- suseconnect-ng
-
- Update version to 1.21.1:
- Fix nil token handling (bsc#1261155)
- Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
- Add expanded metric collection for kernel modules and hardware
detection (jsc#TEL-226).
- Support new profile based metric collection
- Fix ignored --root parameter hanbling when reading and
writing configuration (bsc#1257667)
- Add expanded metric collection for system vendor/manfacturer
(jsc#TEL-260).
- Removed backport patch: fix-libsuseconnect-and-pci.patch
- Add missing product id to allow yast2-registration to not break (bsc#1257825)
- Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server with failed (bsc#1257625)
- Backported by PATCH: fix-libsuseconnect-and-pci.patch
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- tar
-
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
* CVE-2025-45582.patch
- xen
-
- bsc#1259247 - VUL-0: CVE-2026-23554: xen: Use after free of
paging structures in EPT (XSA-480)
xsa480.patch
- bsc#1259248 - VUL-0: CVE-2026-23555: xen: Xenstored DoS by
unprivileged domain (XSA-481)
xsa481.patch