- net-tools
-
- Drop old Fedora patch net-tools-1.60-interface_stack.patch. It
provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes
by the upstream in 2025 in a different way. Revert interferring
net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
GHSA-w7jq-cmw2-cq59,
net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687,
net-tools-ax25+netrom-overflow-1.patch,
net-tools-ax25+netrom-overflow-2.patch).
- Keep possibility to enter long interface names, even if they are
not accepted by the kernel, because it was always possible up to
CVE-2025-46836 fix. But issue a warning about an interface name
concatenation (bsc#1248410,
net-tools-ifconfig-long-name-warning.patch).
- Provide more readable error for interface name size checking
introduced by net-tools-CVE-2025-46836.patch
(bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).
- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).
- Perform bound checks when parsing interface labels in
/proc/net/dev (bsc#1243581, CVE-2025-46836, GHSA-pfwf-h6m3-63wf,
net-tools-CVE-2025-46836.patch,
net-tools-CVE-2025-46836-regression.patch).
- bash
-
- Add patch bsc1245199.patch
* Fix histfile missing timestamp for the oldest record (bsc#1245199)
- python3-base
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add functools-cached_property.patch adding the port of
functools.cached_property from Python 3.8
- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
size for IPv6 address parsing (gh#python/cpython#128840,
bsc#1244401).
- Make the time module statically linked to prevent faliure to
start when building.
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according to the Debian version
(gh#python/cpython#103848#issuecomment-2708135083).
- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
since kernel 3.6-rc1)
- krb5
-
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
enctypes unless new special options "allow_des3" or "allow_rc4"
are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0018-prep-CVE-2025-3576.patch
- Add patch 0019-CVE-2025-3576.patch
- mozilla-nss
-
- Add bmo1990242.patch to move NSS DB password hash away from SHA-1
- update to NSS 3.112.2
* bmo#1970079 - Prevent leaks during pkcs12 decoding.
* bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
- Adding patch bmo1980465.patch to fix bug on s390x (bmo#1980465)
- Adding patch bmo1956754.patch to fix possible undefined behaviour (bmo#1956754)
- update to NSS 3.112.1
* bmo#1982742 - restore support for finding certificates by decoded serial number.
- python-urllib3
-
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
* Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
- python3
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- sqlite3
-
- Backpatch the URLs in sqlite3.n from https to http to avoid a
file conflict with the tcl package on SLE-12.
- Sync version 3.50.2 from Factory:
* CVE-2025-6965, bsc#1246597:
Raise an error early if the number of aggregate terms in a
query exceeds the maximum number of columns, to avoid
downstream assertion faults.
* Add subpackage for the lemon parser generator.
+ sqlite-3.49.0-fix-lemon-missing-cflags.patch
+ sqlite-3.6.23-lemon-system-template.patch
- openssl-1_0_0
-
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- grub2
-
- Fix CVE-2024-56738: side-channel attack due to not constant-time
algorithm in grub_crypto_memcmp (bsc#1234959)
* grub2-constant-time-grub_crypto_memcmp.patch
- samba
-
- CVE-2025-9640: fix vfs_streams_xattr uninitialized memory write;
(bsc#1251279);(bso#15885).
- CVE-2025-10230: fix command Injection in WINS Server Hook Script;
(bsc#1251280);(bso#15903).
- expat
-
- Fix CVE-2025-59375 / bsc#1249584.
- Add patch file:
* CVE-2025-59375.patch
- python-base
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- libgcrypt
-
- Security fix [bsc#1221107, CVE-2024-2236]
* Add --enable-marvin-workaround to spec to enable workaround
* Fix timing based side-channel in RSA implementation ( Marvin attack )
* Add libgcrypt-CVE-2024-2236_01.patch
* Add libgcrypt-CVE-2024-2236_02.patch
* Add libgcrypt-CVE-2024-2236_03.patch
* Add libgcrypt-CVE-2024-2236_04.patch
* Add libgcrypt-CVE-2024-2236_05.patch
* Add libgcrypt-CVE-2024-2236_06.patch
* Add libgcrypt-CVE-2024-2236_07.patch
* Add libgcrypt-CVE-2024-2236_08.patch
* Add libgcrypt-CVE-2024-2236_09.patch
* Add libgcrypt-CVE-2024-2236_10.patch
* Add libgcrypt-CVE-2024-2236_11.patch
* Add libgcrypt-CVE-2024-2236_decoding_fix.patch
- openssl-1_1
-
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- vim
-
- Fix for bsc#1229750.
- nocompatible must be set before the syntax highlighting is turned on.
- Fix the following CVEs and bugs:
* bsc#1246602 (CVE-2025-53906)
* bsc#1246604 (CVE-2025-53905)
* bsc#1247939 (CVE-2025-55158)
* bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
9.1.1628: fuzzy.c has a few issues
9.1.1627: fuzzy matching can be improved
9.1.1626: cindent: does not handle compound literals
9.1.1625: Autocompletion slow with include- and tag-completion
9.1.1624: Cscope not enabled on MacOS
9.1.1623: Buffer menu does not handle unicode names correctly
9.1.1622: Patch v9.1.1432 causes performance regressions
9.1.1621: flicker in popup menu during cmdline autocompletion
9.1.1620: filetype: composer.lock and symfony.lock files not recognized
9.1.1619: Incorrect E535 error message
9.1.1618: completion: incorrect selected index returned from complete_info()
9.1.1617: Vim9: some error messages can be improved
9.1.1616: xxd: possible buffer overflow with bitwise output
9.1.1615: diff format erroneously detected
9.1.1614: Vim9: possible variable type change
9.1.1613: tests: test_search leaves a few swapfiles behind
9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
9.1.1611: possible undefined behaviour in mb_decompose()
9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
9.1.1609: complete: Heap-buffer overflow with complete function
9.1.1608: No command-line completion for :unsilent {command}
9.1.1607: :apple command detected as :append
9.1.1606: filetype: a few more files are not recognized
9.1.1605: cannot specify scope for chdir()
9.1.1604: completion: incsearch highlight might be lost
9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
9.1.1602: filetype: requirements-*.txt files are not recognized
9.1.1601: Patch v8.1.0425 was wrong
9.1.1600: using diff anchors with hidden buffers fails silently
9.1.1599: :bnext doesn't go to unlisted help buffers
9.1.1598: filetype: waybar config file is not recognized
9.1.1597: CI reports leaks in libgtk3 library
9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
9.1.1595: Wayland: non-portable use of select()
9.1.1594: completion: search completion throws errors
9.1.1593: Confusing error when compiling incomplete try block
9.1.1592: Vim9: crash with classes and garbage collection
9.1.1591: VMS support can be improved
9.1.1590: cannot perform autocompletion
9.1.1589: Cannot disable cscope interface using configure
9.1.1588: Vim9: cannot split dict inside command block
9.1.1587: Wayland: timeout not updated before select()
9.1.1586: Vim9: can define an enum/interface in a function
9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
9.1.1584: using ints as boolean type
9.1.1583: gvim window lost its icons
9.1.1582: style issue in vim9type.c and vim9generics.c
9.1.1581: possible memory leak in vim9generics.c
9.1.1580: possible memory leak in vim9type.c
9.1.1579: Coverity complains about unchecked return value
9.1.1578: configure: comment still mentions autoconf 2.71
9.1.1577: Vim9: no generic support yet
9.1.1576: cannot easily trigger wildcard expansion
9.1.1575: tabpanel not drawn correctly with wrapped lines
9.1.1574: Dead code in mbyte.c
9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
9.1.1572: expanding $var does not escape whitespace for 'path'
9.1.1571: CmdlineChanged triggered to often
9.1.1570: Copilot suggested some improvements in cmdexpand.c
9.1.1569: tests: Vim9 tests can be improved
9.1.1568: need a few more default highlight groups
9.1.1567: crash when using inline diff mode
9.1.1566: self-referenced enum may not get freed
9.1.1565: configure: does not consider tiny version for wayland
9.1.1564: crash when opening popup to closing buffer
9.1.1563: completion: ruler may disappear
9.1.1562: close button always visible in the 'tabline'
9.1.1561: configure: wayland test can be improved
9.1.1560: configure: uses $PKG_CONFIG before it is defined
9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
9.1.1558: str2blob() treats NULL string and empty string differently
9.1.1557: not possible to anchor specific lines in difff mode
9.1.1556: string handling in cmdexpand.c can be improved
9.1.1555: completion: repeated insertion of leader
9.1.1554: crash when omni-completion opens command-line window
9.1.1553: Vim9: crash when accessing a variable in if condition
9.1.1552: [security]: path traversal issue in tar.vim
9.1.1551: [security]: path traversal issue in zip.vim
9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
9.1.1549: filetype: pkl files are not recognized
9.1.1548: filetype: OpenFGA files are not recognized
9.1.1547: Wayland: missing ifdef
9.1.1546: Vim9: error with has() and short circuit evaluation
9.1.1545: typo in os_unix.c
9.1.1544: :retab cannot be limited to indentation only
9.1.1543: Wayland: clipboard appears to not be working
9.1.1542: Coverity complains about uninitialized variable
9.1.1541: Vim9: error when last enum value ends with a comma
9.1.1540: completion: menu state wrong on interruption
9.1.1539: completion: messages don't respect 'shm' setting
9.1.1537: helptoc: still some issues when markdown code blocks
9.1.1536: tests: test_plugin_comment uses wrong :Check command
9.1.1535: the maximum search count uses hard-coded value 99
9.1.1534: unnecessary code in tabpanel.c
9.1.1533: helptoc: does not handle code sections in markdown well
9.1.1532: termdebug: not enough ways to configure breakpoints
9.1.1531: confusing error with nested legacy function
9.1.1530: Missing version change in v9.1.1529
9.1.1529: Win32: the toolbar in the GUI is old and dated
9.1.1528: completion: crash with getcompletion()
9.1.1527: Vim9: Crash with string compound assignment
9.1.1526: completion: search completion match may differ in case
9.1.1525: tests: testdir/ is a bit messy
9.1.1524: tests: too many imports in the test suite
9.1.1523: tests: test_clipmethod fails in non X11 environment
9.1.1522: tests: still some ANSI escape sequences in test output
9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
9.1.1520: completion: search completion doesn't handle 'smartcase' well
9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
9.1.1518: getcompletiontype() may crash
9.1.1517: filetype: autopkgtest files are not recognized
9.1.1516: tests: no test that 'incsearch' is updated after search completion
9.1.1515: Coverity complains about potential unterminated strings
9.1.1514: Coverity complains about the use of tmpfile()
9.1.1513: resizing Vim window causes unexpected internal window width
9.1.1512: completion: can only complete from keyword characters
9.1.1511: tests: two edit tests change v:testing from 1 to 0
9.1.1510: Search completion may use invalid memory
9.1.1509: patch 9.1.1505 was not good
9.1.1508: string manipulation can be improved in cmdexpand.c
9.1.1507: symlinks are resolved on :cd commands
9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
9.1.1505: not possible to return completion type for :ex command
9.1.1504: filetype: numbat files are not recognized
9.1.1503: filetype: haxe files are not recognized
9.1.1502: filetype: quickbms files are not recognized
9.1.1501: filetype: flix files are not recognized
9.1.1500: if_python: typo in python error variable
9.1.1499: MS-Windows: no indication of ARM64 architecture
9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
9.1.1497: Link error with shm_open()
9.1.1496: terminal: still not highlighting empty cells correctly
9.1.1495: Wayland: uses $XDG_SEAT to determine seat
9.1.1494: runtime(tutor): no French translation for Chapter 2
9.1.1493: manually comparing positions on buffer
9.1.1492: tests: failure when Wayland compositor fails to start
9.1.1491: missing out-of-memory checks in cmdexpand.c
9.1.1490: 'wildchar' does not work in search contexts
9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
9.1.1487: :cl doesn't invoke :clist
9.1.1486: documentation issues with Wayland
9.1.1485: missing Wayland clipboard support
9.1.1484: tests: Turkish locale tests fails on Mac
9.1.1483: not possible to translation position in buffer
9.1.1482: scrolling with 'splitkeep' and line()
9.1.1481: gcc complains about uninitialized variable
9.1.1480: Turkish translation outdated
9.1.1479: regression when displaying localized percentage position
9.1.1478: Unused assignment in ex_uniq()
9.1.1476: no easy way to deduplicate text
9.1.1476: missing out-of-memory checks in cmdexpand.c
9.1.1475: completion: regression when "nearest" in 'completeopt'
9.1.1474: missing out-of-memory check in mark.c
9.1.1473: inconsistent range arg for :diffget/diffput
9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
9.1.1471: completion: inconsistent ordering with CTRL-P
9.1.1470: use-after-free with popup callback on error
9.1.1469: potential buffer-underflow with invalid hl_id
9.1.1468: filetype: bright(er)script files are not recognized
9.1.1467: too many strlen() calls
9.1.1466: filetype: not all lex files are recognized
9.1.1465: tabpanel: not correctly drawn with 'equalalways'
9.1.1464: gv does not work in operator-pending mode
9.1.1463: Integer overflow in getmarklist() after linewise operation
9.1.1462: missing change from patch v9.1.1461
9.1.1461: tabpanel: tabpanel vanishes with popup menu
9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
9.1.1459: xxd: coloring output is inefficient
9.1.1458: tabpanel: tabs not properly updated with 'stpl'
9.1.1457: compile warning with tabpanelopt
9.1.1456: comment plugin fails toggling if 'cms' contains \
9.1.1455: Haiku: dailog objects created with no reference
9.1.1454: tests: no test for pum at line break position
9.1.1453: tests: Test_geometry() may fail
9.1.1452: completion: redundant check for completion flags
9.1.1451: tabpanel rendering artifacts when scrolling
9.1.1450: Session has wrong arglist with :tcd and :arglocal
9.1.1449: typo in pum_display()
9.1.1448: tabpanel is not displayed correctly when msg_scrolled
9.1.1447: completion: crash when backspacing with fuzzy completion
9.1.1446: filetype: cuda-gdb config files are not recognized
9.1.1445: negative matchfuzzy scores although there is a match
9.1.1444: Unused assignment in set_fuzzy_score()
9.1.1443: potential buffer underflow in insertchar()
9.1.1442: tests: Test_diff_fold_redraw() is insufficient
9.1.1441: completion: code can be improved
9.1.1440: too many strlen() calls in os_win32.c
9.1.1439: Last diff folds not merged
9.1.1438: tests: Test_breakindent_list_split() fails
9.1.1437: MS-Windows: internal compile error in uc_list()
9.1.1436: GUI control code is displayed on the console on startup
9.1.1435: completion: various flaws in fuzzy completion
9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
9.1.1433: Unnecessary :if when writing session
9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
9.1.1431: Hit-Enter Prompt when loading session files
9.1.1430: tabpanel may flicker in the GUI
9.1.1429: dragging outside the tabpanel changes tabpagenr
9.1.1428: completion: register completion needs cleanup
9.1.1427: rendering artifacts with the tabpanel
9.1.1426: completion: register contents not completed
9.1.1425: tabpanel: there are still some problems with the tabpanel
9.1.1424: PMenu selection broken with multi-line selection and limits
9.1.1423: :tag command not working correctly using Vim9 Script
9.1.1422: scheduling of complete function can be improved
9.1.1421: tests: need a test for the new-style tutor.tutor
9.1.1420: tests: could need some more tests for shebang lines
9.1.1419: It is difficult to ignore all but some events
9.1.1418: configures GUI auto detection favors GTK2
9.1.1417: missing info about register completion in complete_info()
9.1.1416: completion limits not respected for fuzzy completions
9.1.1415: potential use-after free when there is an error in 'tabpanel'
9.1.1414: MS-Windows: compile warnings in os_win32.c
9.1.1413: spurious CursorHold triggered in GUI on startup
9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
9.1.1411: crash when calling non-existing function for tabpanel
9.1.1410: out-of-bounds access with 'completefunc'
9.1.1409: using f-flag in 'complete' conflicts with Neovim
9.1.1408: not easily possible to complete from register content
9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
- cups
-
- cups-1.7.5-CVE-2025-58364.patch is derived
from the upstream patch to fix CVE-2025-58364
"Remote DoS via null dereference"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4
bsc#1249128
- cups-1.7.5-CVE-2025-58060.patch is derived
from the upstream patch against CUPS 2.4
to fix CVE-2025-58060
"Authentication bypass with AuthType Negotiate"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq
bsc#1249049
- avahi
-
- Add avahi-CVE-2024-52615.patch:
Backport 4e2e1ea from upstream, Resolve fixed source ports for
wide-area DNS queries cause DNS responses be injected.
(CVE-2024-52615, bsc#1233421)
- libssh
-
- Security fix: [CVE-2025-8277, bsc#1249375]
* Memory Exhaustion via Repeated Key Exchange
* Add patches:
- libssh-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch
- libssh-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch
- libssh-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch
- Security fix: [CVE-2025-8114, bsc#1246974]
* NULL pointer dereference when calculating session ID during KEX
* Add libssh-CVE-2025-8114.patch
- pam
-
- Make sure that the buffer containing encrypted passwords get's erased
bedore free.
- Replace to previous CVE fix which led to CPU performance issues.
[bsc#1246221, CVE-2024-10041,
+ libpam-introduce-secure-memory-erasure-helpers.patch,
+ pam_modutil_get-overwrite-password-at-free.patch,
- passverify-always-run-the-helper-to-obtain-shadow_pwd.patch,
- pam_unix-arbitrary-upper-limit-for-MAX_FD_NO.patch]
- python36
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- bind
-
- Security Fixes:
* Address various spoofing attacks.
[CVE-2025-40778, bsc#1252379, bind-9.11-CVE-2025-40778.patch]
- python
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- regionServiceClientConfigAzure
-
- Update to version 3.0.0 (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency name for metadata package, name change in SLE 16
(bsc#1243419)
- libxslt
-
- security update
- added patches
CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
* libxslt-CVE-2025-11731.patch
- propagate test failure into build failure
- added sources
* libxslt-test-results.ref
- kernel-default
-
- drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (CVE-2022-50242 bsc#1249696)
- commit 2d1b74b
- igb: Do not bring the device up after non-fatal error
(CVE-2023-53148 bsc#1249842).
- commit d58ebba
- net: If sock is dead don't access sock's sk_wq in
sk_stream_wait_memory (CVE-2022-50409 bsc#1250392).
- commit d8d8ecd
- ppp: fix memory leak in pad_compress_skb (CVE-2025-39847
bsc#1250292).
- gve: prevent ethtool ops after shutdown (CVE-2025-38735
bsc#1249288).
- igb: Fix igb_down hung on surprise removal (CVE-2023-53148
bsc#1249842).
- qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable()
failure (CVE-2022-50288 bsc#1249802).
- igb: Do not free q_vector unless new one was allocated
(CVE-2022-50252 bsc#1249846).
- commit 0b4ef82
- Update
patches.suse/0001-media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
(bsc#1209291 CVE-2023-28328 CVE-2022-50272 bsc#1249808).
- Update
patches.suse/0001-ubi-ensure-that-VID-header-offset-VID-header-size-al.patch
(bsc#1210584 CVE-2023-53265 bsc#1249908).
- Update
patches.suse/0001-wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
(bsc#1209287 CVE-2023-1380 CVE-2023-53213 bsc#1249918).
- Update
patches.suse/0012-md-Replace-snprintf-with-scnprintf.patch
(git-fixes bsc#1164051 CVE-2022-50299 bsc#1249734).
- Update patches.suse/NFS-Fix-an-Oops-in-nfs_d_automount.patch
(git-fixes CVE-2022-50385 bsc#1250131).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124 CVE-2022-50410
bsc#1250187).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-Rdir.patch
(bsc#1205128 CVE-2022-43945 CVE-2022-50235 bsc#1249667).
- Update
patches.suse/PCI-ASPM-Disable-ASPM-on-MFD-function-removal-to-avo.patch
(git-fixes CVE-2023-53446 bsc#1250145).
- Update
patches.suse/blk-mq-fix-possible-memleak-when-register-hctx-failed-4b7a.patch
(git-fixes CVE-2022-50434 bsc#1250792).
- Update
patches.suse/bpf-make-sure-skb-len-0-when-redirecting-to-a-tunnel.patch
(CVE-2022-49975 bsc#1245196 CVE-2022-50253 bsc#1249912).
- Update
patches.suse/btrfs-fix-resolving-backrefs-for-inline-extent-follo.patch
(bsc#1213133 CVE-2022-50456 bsc#1250856).
- Update
patches.suse/chardev-fix-error-handling-in-cdev_device_add.patch
(git-fixes CVE-2022-50282 bsc#1249739).
- Update
patches.suse/cifs-Fix-memory-leak-when-build-ntlmssp-negotiate-blob-failed.patch
(bsc#1190317 CVE-2022-50372 bsc#1250052).
- Update
patches.suse/cifs-Fix-warning-and-UAF-when-destroy-the-MR-list.patch
(bsc#1190317 CVE-2023-53427 bsc#1250168).
- Update patches.suse/cifs-Fix-xid-leak-in-cifs_create-.patch
(bsc#1190317 CVE-2022-50351 bsc#1249925).
- Update patches.suse/cifs-Fix-xid-leak-in-cifs_flock-.patch
(bsc#1190317 CVE-2022-50460 bsc#1250879).
- Update
patches.suse/cifs-fix-DFS-traversal-oops-without-CONFIG_CIFS_DFS_UPCALL.patch
(bsc#1190317 CVE-2023-53246 bsc#1249867).
- Update
patches.suse/drm-vmwgfx-Validate-the-box-size-for-the-snooped-cur.patch
(bsc#1203332 CVE-2022-36280 CVE-2022-50440 bsc#1250853).
- Update
patches.suse/ext4-avoid-crash-when-inline-data-creation-follows-D.patch
(bsc#1206883 CVE-2022-50435 bsc#1250799).
- Update
patches.suse/ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch
(bsc#1213016 CVE-2023-53149 bsc#1249882).
- Update
patches.suse/ext4-fix-i_disksize-exceeding-i_size-problem-in-pari.patch
(bsc#1213015 CVE-2023-53270 bsc#1249872).
- Update
patches.suse/ext4-fix-null-ptr-deref-in-ext4_write_info.patch
(bsc#1206884 CVE-2022-50344 bsc#1250014).
- Update
patches.suse/ext4-init-quota-for-old.inode-in-ext4_rename.patch
(bsc#1207629 CVE-2022-50346 bsc#1250044).
- Update
patches.suse/firmware-dmi-sysfs-Fix-null-ptr-deref-in-dmi_sysfs_r.patch
(bsc#1238467 CVE-2023-53250 bsc#1249727).
- Update
patches.suse/genirq-ipi-Fix-NULL-pointer-deref-in-irq_data_get_af.patch
(git-fixes CVE-2023-53332 bsc#1249951).
- Update
patches.suse/ipv6-addrconf-fix-a-potential-refcount-underflow-for.patch
(git-fixes CVE-2023-53189 bsc#1249894).
- Update
patches.suse/jbd2-check-jh-b_transaction-before-removing-it-from-.patch
(bsc#1214953 CVE-2023-53526 bsc#1250928).
- Update
patches.suse/kernfs-fix-use-after-free-in-__kernfs_remove.patch
(git-fixes CVE-2022-50432 bsc#1250851).
- Update
patches.suse/kprobes-Fix-check-for-probe-enabled-in-kill_kprobe.patch
(git-fixes CVE-2022-50266 bsc#1249810).
- Update patches.suse/md-fix-a-crash-in-mempool_free-3410.patch
(git-fixes CVE-2022-50381 bsc#1250257).
- Update
patches.suse/md-raid10-check-slab-out-of-bounds-in-md_bitmap_get_-3018.patch
(git-fixes CVE-2023-53357 bsc#1249994).
- Update
patches.suse/md-raid10-fix-leak-of-r10bio-remaining-for-recovery-2620.patch
(git-fixes CVE-2023-53299 bsc#1249927).
- Update
patches.suse/md-raid10-fix-null-ptr-deref-of-mreplace-in-raid10_s-3481.patch
(git-fixes CVE-2023-53380 bsc#1250198).
- Update
patches.suse/md-raid10-fix-wrong-setting-of-max_corr_read_errors-f8b2.patch
(git-fixes CVE-2023-53313 bsc#1249911).
- Update
patches.suse/md-raid10-prevent-soft-lockup-while-flush-writes-0104.patch
(git-fixes CVE-2023-53151 bsc#1249865).
- Update
patches.suse/msft-hv-2841-scsi-storvsc-Fix-handling-of-virtual-Fibre-Channel-t.patch
(git-fixes CVE-2023-53245 bsc#1249641).
- Update
patches.suse/net-fec-Better-handle-pm_runtime_get-failing-in-.rem.patch
(git-fixes CVE-2023-53308 bsc#1250045).
- Update
patches.suse/netfilter-conntrack-dccp-copy-entire-header-to-stack.patch
(CVE-2023-39197 bsc#1216976 CVE-2023-53333 bsc#1249949).
- Update
patches.suse/netlink-avoid-infinite-retry-looping-in-netlink_unic.patch
(CVE-2025-38465 bsc#1247118 CVE-2025-38727 bsc#1249166).
- Update
patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch
(git-fixes CVE-2022-50401 bsc#1250140).
- Update
patches.suse/ocfs2-fix-memory-leak-in-ocfs2_stack_glue_init.patch
(git-fixes CVE-2022-50289 bsc#1249981).
- Update
patches.suse/powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch
(bsc#1065729 CVE-2023-53326 bsc#1250071).
- Update
patches.suse/pstore-ram-Check-start-of-empty-przs-during-init.patch
(git-fixes CVE-2023-53331 bsc#1249950).
- Update
patches.suse/rbd-avoid-use-after-free-in-do_rbd_add-when-rbd_dev_-f7c4.patch
(git-fixes CVE-2023-53307 bsc#1250043).
- Update
patches.suse/sched-fair-Don-t-balance-task-to-its-current-running-CPU.patch
(git fixes (sched) CVE-2023-53215 bsc#1250397).
- Update
patches.suse/scsi-core-Fix-possible-memory-leak-if-device_add-fails.patch
(git-fixes CVE-2023-53174 bsc#1250024).
- Update
patches.suse/scsi-fcoe-Fix-transport-not-deattached-when-fcoe_if_init-fails.patch
(git-fixes CVE-2022-50414 bsc#1250183).
- Update
patches.suse/scsi-libsas-Fix-use-after-free-bug-in-smp_execute_task_sg.patch
(git-fixes CVE-2022-50422 bsc#1250774).
- Update patches.suse/scsi-mpt3sas-Fix-a-memory-leak.patch
(git-fixes CVE-2023-53512 bsc#1250915).
- Update
patches.suse/scsi-qla2xxx-Fix-potential-NULL-pointer-dereference.patch
(bsc#1213747 CVE-2023-53451 bsc#1250831).
- Update
patches.suse/scsi-qla2xxx-Pointer-may-be-dereferenced.patch
(bsc#1213747 CVE-2023-53150 bsc#1249853).
- Update
patches.suse/scsi-qla2xxx-Remove-unused-nvme_ls_waitq-wait-queue.patch
(bsc#1213747 CVE-2023-53280 bsc#1249938).
- Update
patches.suse/scsi-qla2xxx-Use-raw_smp_processor_id-instead-of-smp.patch
(git-fixes CVE-2023-53530 bsc#1250949).
- Update
patches.suse/scsi-qla2xxx-Wait-for-io-return-on-terminate-rport.patch
(bsc#1211960 CVE-2023-53322 bsc#1250323).
- Update
patches.suse/scsi-qla4xxx-Add-length-check-when-parsing-nlattrs.patch
(git-fixes CVE-2023-53456 bsc#1250765).
- Update
patches.suse/scsi-ses-Fix-slab-out-of-bounds-in-ses_intf_remove.patch
(git-fixes CVE-2023-53521 bsc#1250965).
- Update
patches.suse/scsi-snic-Fix-possible-memory-leak-if-device_add-fails.patch
(git-fixes CVE-2023-53436 bsc#1250156).
- Update
patches.suse/tpm-tpm_crb-Add-the-missed-acpi_put_table-to-fix-mem.patch
(bsc#1082555 CVE-2022-50389 bsc#1250121).
- Update
patches.suse/tracing-Fix-race-issue-between-cpu-buffer-write-and-swap.patch
(git-fixes CVE-2023-53368 bsc#1249979).
- Update
patches.suse/udf-Do-not-bother-merging-very-long-extents.patch
(bsc#1213040 CVE-2023-53506 bsc#1250963).
- Update
patches.suse/udf-Do-not-update-file-length-for-failed-writes-to-i.patch
(bsc#1213041 CVE-2023-53295 bsc#1250324).
- Update
patches.suse/udf-Fix-uninitialized-array-access-for-some-pathname.patch
(bsc#1214967 CVE-2023-53165 bsc#1250395).
- Update
patches.suse/vhost-vsock-Use-kvmalloc-kvfree-for-larger-packets.patch
(git-fixes CVE-2022-50271 bsc#1249740).
- Update
patches.suse/virtio_net-Fix-error-unwinding-of-XDP-initialization.patch
(git-fixes CVE-2023-53499 bsc#1250818).
- Update patches.suse/xen-gntdev-Prevent-leaking-grants.patch
(git-fixes CVE-2022-50257 bsc#1249743).
- Update
patches.suse/xfrm-add-NULL-check-in-xfrm_update_ae_params.patch
(bsc#1213666 CVE-2023-3772 CVE-2023-53147 bsc#1249880).
- commit f14b4f5
- i40e: Fix potential invalid access when MAC list is empty (CVE-2025-39853 bsc#1250275)
- commit 15849c1
- x86/tsc: Append the 'tsc=' description for the 'tsc=unstable'
boot parameter (git-fixes).
- Refresh
patches.suse/0004-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch.
- commit fc36e71
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
(CVE-2025-39860 bsc#1250247).
- commit db1f312
- net: bridge: fix soft lockup in br_multicast_query_expired()
(CVE-2025-39773 bsc#1249504).
- net: bridge: mcast: add and enforce startup query interval
minimum (CVE-2025-39773 bsc1249504).
- net: bridge: mcast: add and enforce query interval minimum
(CVE-2025-39773 bsc1249504).
- commit 86febde
- HID: asus: fix UAF via HID_CLAIMED_INPUT validation
(CVE-2025-39824 bsc#1250007).
- commit 74f7410
- ip6mr: Fix skb_under_panic in ip6mr_cache_report()
(CVE-2023-53365 bsc#1249988).
- commit 31b9909
- dmaengine: ti: edma: Fix memory allocation size for
queue_priority_map (CVE-2025-39869 bsc#1250406).
- commit 0c7b875
- netfilter: ctnetlink: remove refcounting in expectation dumpers
(CVE-2025-39764 bsc#1249513).
- commit 21919f3
- net/sched: Fix backlog accounting in qdisc_dequeue_internal
(CVE-2025-39677 bsc#1249300).
- commit 019e014
- cifs: prevent NULL pointer dereference in UTF16 conversion
(bsc#1250365, CVE-2025-39838).
- commit a653056
- l2tp: remove unused list_head member in l2tp_tunnel (git-fixes).
- commit a146724
- Refresh
patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
Move the call to release_sock() to match upstream. This will make
future backports easier.
- commit 7c5477e
- Bluetooth: eir: Fix using strlen with
hdev->{dev_name,short_name} (CVE-2022-50233 bsc#1246968).
- commit 7861eb7
- Update
patches.suse/ACPICA-Fix-error-code-path-in-acpi_ds_call_control_method.patch
(bsc#1250393 CVE-2022-50411).
Fix wrongly C&Ped bug and CVE number.
- commit c1344a1
- ocfs2: fix recursive semaphore deadlock in fiemap call
(bsc#1250407 CVE-2025-39885).
- commit fa96337
- mm/smaps: fix race between smaps_hugetlb_range and migration
(CVE-2025-39754 bsc#1249524).
- commit c2c05c6
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
(CVE-2022-50359 bsc#1250269).
- commit 680e9a1
- mISDN: hfcpci: Fix warning when deleting uninitialized timer
(CVE-2025-39833 bsc#1250028).
- commit 44dd6de
- net: ena: fix shift-out-of-bounds in exponential backoff (CVE-2023-53272 bsc#1249917)
- commit 79f3645
- Refresh
patches.suse/btrfs-fix-deadlock-when-aborting-transaction-during-.patch.
- Refresh
patches.suse/btrfs-prevent-ioctls-from-interfering-with-a-swap-file.patch.
- commit df48fdf
- wifi: brcmfmac: fix use-after-free when rescheduling
brcmf_btcoex_info work (CVE-2025-39863 bsc#1250281).
- commit b50d5fe
- serial: 8250: Fix oops for port->pm on uart_change_pm()
(CVE-2023-53176 bsc#1249991).
- commit ef178fc
- Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386
bsc#1250301).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit ef8e23b
- mm: zswap: fix missing folio cleanup in writeback race path
(CVE-2023-53178 bsc#1249827 git-fix).
- commit 556f4d6
- mm: fix zswap writeback race condition (CVE-2023-53178
bsc#1249827).
- commit 58cd2c5
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
times (CVE-2022-50419 bsc#1250394).
- commit b4e8638
- wifi: brcmfmac: fix use-after-free bug in
brcmf_netdev_start_xmit() (CVE-2022-50408 bsc#1250391).
- commit d1d8e28
- ALSA: hda: Fix Oops by 9.1 surround channel names
(CVE-2023-53400 bsc#1250328).
- commit ba820fb
- wifi: mac80211_hwsim: drop short frames (CVE-2023-53321
bsc#1250313).
- commit 6ddc75a
- tee: fix NULL pointer dereference in tee_shm_put (CVE-2025-39865
bsc#1250294).
- commit f721184
- serial: 8250: Reinit port->pm on port specific driver unbind
(CVE-2023-53176 bsc#1249991).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
lpuart_dma_shutdown (CVE-2022-50375 bsc#1250132).
- Refresh
patches.suse/tty-serial-fsl_lpuart-fix-race-on-RX-DMA-shutdown.patch.
- drivers: serial: jsm: fix some leaks in probe (CVE-2022-50312
bsc#1249716).
- commit 1aca549
- wifi: ath9k: verify the expected usb_endpoints are present
(CVE-2022-50297 bsc#1250250).
- commit 6950b3a
- wifi: iwl4965: Add missing check for
create_singlethread_workqueue() (CVE-2023-53302 bsc#1249958).
- commit 8f88848
- nfc: fix memory leak of se_io context in nfc_genl_se_io
(CVE-2023-53298 bsc#1249944).
- Refresh
patches.suse/nfc-change-order-inside-nfc_se_io-error-path.patch.
- commit d32133b
- x86/MCE: Always save CS register on AMD Zen IF Poison errors
(CVE-2023-53438 bsc#1250180).
- commit bf84e9b
- wifi: mwifiex: avoid possible NULL skb pointer dereference
(CVE-2023-53384 bsc#1250127).
- commit d34c18b
- ALSA: usb-audio: Fix size validation in convert_chmap_v3()
(CVE-2025-39757 bsc#1249515).
- commit 0ab86d7
- HID: hid-ntrig: fix unable to handle page fault in
ntrig_report_version() (CVE-2025-39808 bsc#1250088).
- commit 5536678
- Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305
bsc#1250049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit ac84db6
- wifi: iwl3945: Add missing check for
create_singlethread_workqueue (CVE-2023-53277 bsc#1249936).
- commit 4da361d
- soc: qcom: mdt_loader: Deal with zero e_shentsize
(CVE-2025-39787 bsc#1249545).
- soc: qcom: mdt_loader: Fix error return values in
mdt_header_valid() (CVE-2025-39787 bsc#1249545).
- commit 529120f
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors
(CVE-2025-39757 bsc#1249515).
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header
(CVE-2025-39787 bsc#1249545).
- commit 5d06f31
- btrfs: abort transaction on unexpected eb generation at
btrfs_copy_root() (bsc#1250177 CVE-2025-39800).
- Refresh
patches.suse/0001-btrfs-Introduce-support-for-FSID-change-without-meta.patch.
- Refresh
patches.suse/0002-btrfs-Remove-fsid-metadata_fsid-fields-from-btrfs_in.patch.
- commit ebb9819
- kernel-source.spec: Depend on python3-base for build
Both kernel-binary and kernel-docs already have this dependency.
Adding it to kernel-source makes it possible to use python in shared
build scripts.
- commit 72fdedd
- kernel-source: Do not list mkspec and its inputs as sources
(bsc#1250522).
This excludes the files from the src.rpm. The next step is to remove
these files in tar-up so that they do not get uploaded to OBS either.
As there is only one version of tar-up these files need to be removed
from all kernels.
- commit e72b8a2
- bpf: cpumap: Fix memory leak in cpu_map_update_elem (bsc#1250150
CVE-2023-53441).
- commit 77b4844
- drivers/md/md-bitmap: check the return value of
md_bitmap_get_counter() (CVE-2022-50402, bsc#1250363).
- commit b998cb4
- ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358
CVE-2023-53395).
- commit 16cf2b4
- ACPICA: Fix error code path in acpi_ds_call_control_method()
(bsc#1249615 CVE-2025-39763).
- commit 00cd9ae
- rpm: Link arch-symbols script from scripts directory.
- commit 90b2abb
- skbuff: Account for tail adjustment during pull operations
(CVE-2022-50365 bsc#1250084).
- commit 2c0b58b
- btrfs: fix deadlock when aborting transaction during relocation
with scrub (bsc#1250018 CVE-2023-53348).
- commit 6970fda
- use uniform permission checks for all mount propagation changes
(git-fixes).
- commit 5972133
- net/tunnel: wait until all sk_user_data reader finish before
releasing the sock (CVE-2022-50405 bsc#1250155).
- commit aea82ac
- rpm: Link guards script from scripts directory.
- commit e19a893
- usb: core: config: Prevent OOB read in SS endpoint companion
parsing (CVE-2025-39760 bsc#1249598).
- commit ee5b3a5
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
(CVE-2023-53344 bsc#1250023).
- net: sched: fix memory leak in tcindex_set_parms (CVE-2022-50396
bsc#1250104).
- net: hns: fix possible memory leak in hnae_ae_register()
(CVE-2022-50352 bsc#1249922).
- commit 10ff501
- drm/client: Fix memory leak in drm_client_modeset_probe (bsc#1250058 CVE-2023-53288)
- commit d2583cc
- modpost: fix off by one in is_executable_section() (bsc#1250125
CVE-2023-53397).
- commit 1e88ffb
- dma-buf: add dma_fence_get_stub (bsc#1249779)
- commit af3d574
- drm/amdgpu: install stub fence into potential unused fence pointers (bsc#1249779 CVE-2023-53248)
- commit 2f24c24
- Refresh patches.kabi/blkg_policy_data-fix-kabi.patch.
- Refresh
patches.kabi/xsk-Fix-race-condition-in-AF_XDP-generic-RX-path.patch.
- commit aee218b
- fixup patches.suse/ext4-fix-WARNING-in-mb_find_extent.patch
- commit bc062c7
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (CVE-2023-53393 bsc#1250114)
- commit 3367be7
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (CVE-2023-53335 bsc#1250072)
- commit de7e5a8
- drm/radeon: Fix integer overflow in radeon_cs_parser_init
(CVE-2023-53309 bsc#1250055).
- commit 0fc616d
- Refresh patches.kabi/blkg_policy_data-fix-kabi.patch.
- commit 5d9cd59
- Update config files. (bsc#1249186)
Enable where we define KABI refs + rely on Kconfig deps.
- commit a2cab75
- Refresh patches.kabi/blkg_policy_data-fix-kabi.patch.
- Refresh
patches.kabi/xsk-Fix-race-condition-in-AF_XDP-generic-RX-path.patch.
Semiautomatic
git grep -l BUILD_BUG_ON patches.kabi/ | xargs sed -i '/^+/s/\<BUILD_BUG_ON\>/suse_kabi_static_assert/'
plus manual drop of guard in blkg_policy_data-fix-kabi.patch.
- commit 7689a50
- build_bug.h: add wrapper for _Static_assert (bsc#1249186).
- commit 55004e9
- iomap: iomap: fix memory corruption when recording errors
during writeback (bsc#1250165 CVE-2022-50406).
- commit 5a4f1a7
- ext4: fix WARNING in mb_find_extent (bsc#1250081
CVE-2023-53317).
- commit 85276b3
- jbd2: prevent softlockup in jbd2_log_do_checkpoint()
(bsc#1249526 CVE-2025-39782).
- commit 3659634
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
(bsc#1249258 CVE-2025-38701).
- commit a95c36d
- fs/buffer: fix use-after-free when call bh_read() helper
(bsc#1249374 CVE-2025-39691).
- commit f608a73
- kcm: annotate data-races around kcm->rx_wait (CVE-2022-50265
bsc#1249744).
- kcm: annotate data-races around kcm->rx_psock (CVE-2022-50291
bsc#1249798).
- commit aaba982
- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
(bsc#1249194 CVE-2025-38712).
- commit 521eb34
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(bsc#1249200 CVE-2025-38713).
- commit 91e012f
- wifi: brcmfmac: Fix potential stack-out-of-bounds in
brcmf_c_preinit_dcmds() (CVE-2022-50258 bsc#1249947).
- commit 5e60cf0
- drivers: base: cacheinfo: Fix shared_cpu_map changes in event
of CPU hotplug (CVE-2023-53254 bsc#1249871).
- commit d73f053
- cacheinfo: Fix shared_cpu_map to handle shared caches at
different levels (CVE-2023-53254 bsc#1249871).
- commit b2d75ed
- wifi: mwifiex: Fix oob check condition in
mwifiex_process_rx_packet (CVE-2023-53226 bsc#1249658).
- wifi: mwifiex: Fix missed return in oob checks failed path
(CVE-2023-53226 bsc#1249658).
- wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after
free for wext" (CVE-2023-53153 bsc#1249877).
- commit 01aaa87
- wifi: mwifiex: Fix OOB and integer underflow when rx packets
(CVE-2023-53226 bsc#1249658).
- wifi: cfg80211: Fix use after free for wext (CVE-2023-53153
bsc#1249877).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream()
fails (CVE-2023-53199 bsc#1249683).
- commit f427ccc
- crypto: cavium - prevent integer overflow loading firmware
(CVE-2022-50330 bsc#1249700).
- commit 489e575
- crypto: cavium - add release_firmware to all return case
(CVE-2022-50330 bsc#1249700).
- commit 372d22d
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
(CVE-2022-50349 bsc#1249920).
- commit 658f5fe
- wifi: brcmfmac: fix potential memory leak in
brcmf_netdev_start_xmit() (CVE-2022-50321 bsc#1249706).
- commit d3baaae
- cxl: Fix refcount leak in cxl_calc_capp_routing (CVE-2022-50311
bsc#1249720).
- commit 70f8a07
- mm: export bdi_unregister (CVE-2022-50304 bsc#1249725).
- commit 9420929
- mtd: core: fix possible resource leak in init_mtd()
(CVE-2022-50304 bsc#1249725).
- commit 191b4a8
- mm,hugetlb: take hugetlb_lock before decrementing
h->resv_huge_pages (CVE-2022-50285 bsc#1249803).
- commit 53c2d88
- RDMA/bnxt_re: wraparound mbox producer index (CVE-2023-53201 bsc#1249687)
- commit 4aab7ab
- wifi: libertas: fix memory leak in lbs_init_adapter()
(CVE-2022-50294 bsc#1249799).
- cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
(CVE-2022-50244 bsc#1249647).
- PNP: fix name memory leak in pnp_alloc_dev() (CVE-2022-50278
bsc#1249715).
- commit c3e3de7
- drm/amd/pm: fix null pointer access (CVE-2025-38705
bsc#1249334).
- commit 6b431f7
- fbdev: fix potential buffer overflow in
do_register_framebuffer() (CVE-2025-38702 bsc#1249254).
- commit 4004fc6
- drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
(CVE-2025-39706 bsc#1249413).
- commit 83af3ba
- Refresh
patches.suse/Bluetooth-Replace-BT_DBG-with-bt_dev_dbg-for-managem.patch.
- commit c6ff1e0
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
(CVE-2025-39751 bsc#1249538).
- commit 8a44263
- kABI fix after x86/vmscape: Add conditional IBPB mitigation
(bsc#1247483 CVE-2025-40300).
- commit 0df5e36
- drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295 CVE-2025-39705)
- commit 478e53d
- Bluetooth: hci_core: Fix calling mgmt_device_connected
(git-fixes).
- commit bd515e0
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too
(CVE-2025-38729 bsc#1249164).
- commit 8b412cb
- pptp: fix pptp_xmit() error path (git-fixes).
- pptp: ensure minimal skb length in pptp_xmit() (CVE-2025-38574
bsc#1248365).
- can: netlink: can_changelink(): fix NULL pointer deref of
struct can_priv::do_set_mode (CVE-2025-38665 bsc#1248648).
- tls: separate no-async decryption request handling from async
(CVE-2024-58240 bsc#1248847).
- commit cb8a609
- Limit patch filenames to 100 characters (bsc#1249604).
- commit e94c0ca
- smb: client: fix use-after-free in cifs_oplock_break
(bsc#1248199, CVE-2025-38527).
- commit e4dac9c
- tipc: improve function tipc_wait_for_cond() (bsc#1249037).
- commit 66b60a2
- PCI: Fix use-after-free of slot->bus on hot remove
(CVE-2024-53194 bsc#1235459).
- commit 8ed6518
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- commit 40606b5
- powerpc/eeh: Export eeh_unfreeze_pe() (CVE-2025-38623
bsc#1248610).
- commit e1ab8da
- pci/hotplug/pnv-php: Wrap warnings in macro (CVE-2025-38623
bsc#1248610).
- commit fcff164
- PCI: pnv_php: Fix surprise plug detection and recovery
(CVE-2025-38623 bsc#1248610).
- commit 77a6e44
- PCI: pnv_php: Clean up allocated IRQs on unplug (CVE-2025-38624
bsc#1248617).
- commit f20bd36
- netfilter: xt_nfacct: don't assume acct name is null-terminated (CVE-2025-38639 bsc#1248674)
- commit 85e9df6
- s390/ism: fix concurrency management in ism_cmd() (git-fixes
bsc#1249266 CVE-2025-39726).
- commit 4cdfb37
- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220 CVE-2025-38685)
- commit d40c5ad
- pinmux: fix race causing mux_owner NULL with active mux_usecount
(CVE-2025-38632 bsc#1248669).
- commit 417d30f
- smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247239, CVE-2025-38488).
- commit f68b209
- wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
(CVE-2025-38602 bsc#1248341).
- commit 26c0123
- iwlwifi: Add missing check for alloc_ordered_workqueue
(CVE-2025-38602 bsc#1248341).
- commit 1f095f0
- wifi: rtl818x: Kill URBs before clearing tx status queue (CVE-2025-38604 bsc#1248333)
- commit 3582a16
- ipv6: reject malicious packets in ipv6_gso_segment()
(CVE-2025-38572 bsc#1248399).
- net/sched: Restrict conditions for adding duplicating netems
to qdisc tree (CVE-2025-38553 bsc#1248255).
- commit edb7431
- rpm: Configure KABI checkingness macro (bsc#1249186)
The value of the config should match presence of KABI reference data. If
it mismatches:
- !CONFIG & reference -> this is bug, immediate fail
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- commit 23c1536
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186)
The motivation: there are patches.kabi/ patches that restore KABI and
they check validity of the approach with static_assert()s to prevent
accidental KABI breakage.
These asserts are invoked on each arch-flavor and they may signal false
negatives -- that is KABI restoration patch could break KABI but the
given arch-flavor defines no KABI.
The intended use is to disable the compile time checks in patches.kabi/
(but not to be confused with __GENKSYMS__ that affects how reference is
calculated).
The name is chosen so that it mimics HAVE_* macros that are not
configured manually (but is selected by an arch). In our case it's
(un)selected by build script depending on whether KABI reference is
defined for given arch-flavor and whether check is really requested by
the user. Default value is 'n' so that people building merely via
Makefile (not RPM with KABI checking) obtain consistent config.
- commit 75ce338
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints
(CVE-2025-22022 bsc#1241292).
- commit b35c518
- usb: xhci: move link chain bit quirk checks into one helper
function (CVE-2025-22022 bsc#1241292).
- commit e8f6e8b
- drm/framebuffer: Fix object locking in destroy function (bsc#1248130)
Fix the locking in drm_gem_fb_destroy(). This is an bug in the backport
of commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on
GEM handles") for bsc#1247255.
- commit 8b690c9
- HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556 bsc#1248296)
- commit efa9b29
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (CVE-2025-38473 bsc#1247289)
- commit 3bda5d9
- bus: fsl-mc: fix double-free on mc_dev (CVE-2025-38313 bsc#1246342)
- commit cfe0da6
- bcache: fix NULL pointer in cache_set_flush() (CVE-2025-38263 bsc#1246248)
- commit 0207ad5
- wifi: mac80211: reject TDLS operations when station is not
associated (CVE-2025-38644 bsc#1248748).
- commit 38baafe
- vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511
CVE-2025-38618).
- commit 7301855
- USB: gadget: Fix obscure lockdep violation for udc_mutex
(CVE-2022-49980 bsc#1245110).
- commit e73f583
- usb: gadget: Fix use-after-free bug by not setting
udc->dev.driver (CVE-2022-49980 bsc#1245110).
- commit 7b2e080
- usb: gadget: udc: core: Use pr_fmt() to prefix messages
(CVE-2022-49980 bsc#1245110).
- commit 342cb6b
- usb: gadget: core: do not try to disconnect gadget if it is
not connected (CVE-2022-49980 bsc#1245110).
- commit 6ce9821
- USB: gadget core: Issue ->disconnect() callback from
usb_gadget_disconnect() (CVE-2022-49980 bsc#1245110).
- commit e372dab
- usb: gadget: udc: Use scnprintf() instead of snprintf()
(CVE-2022-49980 bsc#1245110).
- commit 01ff878
- usb: gadget: udc: remove duplicate & operation (CVE-2022-49980
bsc#1245110).
- commit 6258328
- usb: gadget: remove redundant self assignment (CVE-2022-49980
bsc#1245110).
- commit aa82e52
- Update patches.suse/perf-core-Exit-early-on-perf_mmap-fail.patch
(CVE-2025-38563 bsc#1248306 dependency CVE-2025-38565
bsc#1248377).
- commit d0832f2
- thunderbolt: Do not double dequeue a configuration request (CVE-2025-38174 bsc#1245781)
- commit 34371af
- fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (CVE-2025-38214 bsc#1246042)
- commit 4cdcf0a
- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (CVE-2025-38184 bsc#1245956)
- commit f59dd51
- gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (CVE-2025-38122 bsc#1245746)
- commit c710bdd
- net: usb: aqc111: debug info before sanitation (bsc#1245744)
- commit 3ab10bb
- net: usb: aqc111: fix error handling of usbnet read calls (CVE-2025-38153 bsc#1245744)
- commit 0a0b0b6
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (CVE-2025-38102 bsc#1245669)
- commit 104e403
- kernel-binary: Another installation ordering fix (bsc#1241353).
- commit fe14ab5
- Fix backport of the patch:
patches.suse/ext4-fix-race-when-reusing-xattr-blocks.patch (bsc#1247929)
- commit 2389678
- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
(CVE-2022-49980 bsc#1245110).
- commit 5e1438b
- perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563
bsc#1248306).
- commit 8cbbc54
- perf/core: Exit early on perf_mmap() fail (CVE-2025-38563
bsc#1248306 dependency).
- commit 45bf71a
- usb: net: sierra: check for no status endpoint (CVE-2025-38474
bsc#1247311).
- commit 9d6b398
- perf/core: Don't leak AUX buffer refcount on allocation failure
(CVE-2025-38563 bsc#1248306 dependency).
- commit 6e78f38
- atm: clip: Fix memory leak of struct clip_vcc (CVE-2025-38546
bsc#1248223).
- commit 9623eb0
- hid: hide cleanup of hid_descriptor (CVE-2025-38103
bsc#1245663).
- commit 13489bf
- HID: usbhid: Eliminate recurrent out-of-bounds bug in
usbhid_parse() (CVE-2025-38103 bsc#1245663).
- commit de56614
- wifi: zd1211rw: Fix potential NULL pointer dereference in
zd_mac_tx_to_dev() (CVE-2025-38513 bsc#1248179).
- commit 5d08711
- drm/sched: Increment job count before swapping tail spsc queue
(CVE-2025-38515 bsc#1248212).
- commit c4cd790
- bluetooth put new member for hci_dev at end (CVE-2025-38117
bsc#1245695).
- commit 0a0a7e2
- bluetooth: hide change to struct mgmt_pending_cmd
(CVE-2025-38117 bsc#1245695).
- commit be95d10
- build_bug.h: Add KABI assert (bsc#1249186).
- commit 9a1fb64
- wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-38512
bsc#1248178).
- commit b3fbfce
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (bsc#1225527)
- commit 696796d
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499 bsc#1247976)
- commit 853d04a
- net/packet: fix a race in packet_set_ring() and
packet_notifier() (CVE-2025-38617 bsc#1248621).
- commit b606d75
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (CVE-2025-38245 bsc#1246193)
- commit b752c31
- atm: Revert atm_account_tx() if copy_from_iter_full() fails (CVE-2025-38190 bsc#1245973)
- commit 3bb91d5
- atm: atmtcp: Free invalid length skb in atmtcp_c_send() (CVE-2025-38185 bsc#1246012)
- commit eb7640e
- x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483 CVE-2025-40300).
- commit c527311
- x86/bugs: Move cpu_bugs_smt_update() down (bsc#1247483 CVE-2025-40300).
- commit 42c2e27
- x86/vmscape: Enable the mitigation (bsc#1247483 CVE-2025-40300).
- Update config files.
- Update patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch
- Update patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch
- commit 8655743
- x86/vmscape: Add conditional IBPB mitigation (bsc#1247483 CVE-2025-40300).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit c1e08fc
- x86/vmscape: Enumerate VMSCAPE bug (bsc#1247483 CVE-2025-40300).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 12b0c37
- crypto: marvell/cesa - Handle zero-length skcipher requests (CVE-2025-38173 bsc#1245769)
- commit 202473d
- tee: fix compiler warning in tee_shm_register() (CVE-2022-50080 bsc#1244972)
- commit 22a7c7b
- tee: add overflow check in register_shm_helper() (CVE-2022-50080 bsc#1244972)
- commit a02103f
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CVE-2022-50228 bsc#1244854)
- commit ac7e443
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (CVE-2022-50185 bsc#1244887)
- commit 50be8a6
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (CVE-2022-50229 bsc#1244856)
- commit f2b2849
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (CVE-2022-50191 bsc#1244899)
- commit de6ac5a
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (CVE-2022-50141 bsc#1244794)
- commit 6834f5d
- net: atlantic: fix aq_vec index out of range error (CVE-2022-50066 bsc#1244985).
- commit 6c25c9e
- Update config files. Disable N_GSM (jsc#PED-8240, bsc#1244824, CVE-2022-50116)
- commit e07a3f6
- tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464
bsc#1247112).
- commit 9f4aa7a
- Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483 CVE-2025-40300).
- commit 147b470
- xfrm: fix refcount leak in __xfrm_policy_check() (CVE-2022-50007 bsc#1245016)
- commit 8245963
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (CVE-2022-50162 bsc#1244773)
- commit 67efefc
- HID: hidraw: fix a problem of memory leak in hidraw_release() (bsc#1245072)
- commit 990e001
- HID: hidraw: fix memory leak in hidraw_release() (CVE-2022-49981 bsc#1245072)
- commit ffa8f52
- scsi: target: iscsi: Fix timeout on deleted connection (CVE-2025-38075 bsc#1244734)
- commit c2e8d4f
- bpf: Fix a data-race around bpf_jit_limit (CVE-2022-49967 bsc#1244964)
- commit b2d2477
- crypto: pcrypt - Fix hungtask for PADATA_RESET (CVE-2023-52813 bsc#1225527)
- commit b063c0a
- RDMA/rxe: Fix error unwind in rxe_create_qp() (CVE-2022-50127 bsc#1244815)
- commit bd0b886
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (CVE-2022-50138 bsc#1244797)
- commit 585ba4c
- Refresh patches.suse/x86-alternative-Merge-include-files.patch.
- commit 61adacf
- drm/framebuffer: Acquire internal references on GEM handles (bsc#1247255)
- commit 13075c4
- Move pesign-obs-integration requirement from kernel-syms to kernel devel
subpackage (bsc#1248108).
- commit e707e41
- drm/gem: Acquire references on GEM handles for framebuffers (bsc#1247255 CVE-2025-38449)
- commit 4e06401
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
(bsc#1242782, CVE-2025-23141).
- commit 9f573f0
- netlink: avoid infinite retry looping in netlink_unicast()
(CVE-2025-38465 bsc#1247118).
- commit 0acd3ff
- posix-cpu-timers: fix race between handle_posix_cpu_timers()
and posix_cpu_timer_del() (bsc#1246911 CVE-2025-38352).
- blacklist.conf: CVE-2022-50159
- commit 0e930ec
- kABI fix for net: vlan: fix VLAN 0 refcount imbalance of
toggling (CVE-2025-38470 bsc#1247288).
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering
during runtime (CVE-2025-38470 bsc#1247288).
- net/sched: Abort __tc_modify_qdisc if parent class does not
exist (CVE-2025-38457 bsc#1247098).
- atm: clip: Fix potential null-ptr-deref in to_atmarpd()
(CVE-2025-38460 bsc#1247143).
- net: sched: simplify the qdisc_leaf code (CVE-2025-38457
bsc#1247098).
- commit bc4b1c9
- x86/its: Align RETs in BHB clear sequence to avoid thunking (bsc#1242006 CVE-2024-28956).
- commit 9e72e87
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 7095d7d
- x86/its: Enable Indirect Target Selection mitigation (bsc#1242006 CVE-2024-28956).
- commit 06978e9
- x86/its: Add support for ITS-safe return thunk (bsc#1242006 CVE-2024-28956).
- commit ed80f34
- x86/its: Add support for ITS-safe indirect thunk (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 847f2c0
- do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498 bsc#1247374)
- commit fc35a30
- af_packet: Don't send zero-byte data in packet_sendmsg_spkt()
(CVE-2022-49975 bsc#1245196).
- bpf: Move skb->len == 0 checks into __bpf_redirect
(CVE-2022-49975 bsc#1245196).
- bpf: make sure skb->len != 0 when redirecting to a tunneling
device (CVE-2022-49975 bsc#1245196).
- net/ieee802154: don't warn zero-sized raw_sendmsg()
(CVE-2022-49975 bsc#1245196).
- net/af_packet: check len when min_header_len equals to 0
(CVE-2022-49975 bsc#1245196).
- bpf: Don't redirect packets with invalid pkt_len (CVE-2022-49975
bsc#1245196).
- bpf: in __bpf_redirect_no_mac pull mac only if present
(CVE-2022-49975 bsc#1245196).
- commit bde4efa
- ACPICA: Refuse to evaluate a method if arguments are missing
(CVE-2025-38386 bsc#1247138).
- commit 2984cfb
- x86/asm: Provide ALTERNATIVE_3 (git-fixes).
- commit f737462
- nfsd: nfsd4_spo_must_allow() must check this is a v4 compound
request (bsc#1247160 CVE-2025-38430).
- commit 53125b5
- linkage: Introduce new macros for assembler symbols (git-fixes).
- commit e08683f
- x86: Simplify retpoline declaration (git-fixes).
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
patches.suse/x86-cpu-Fix-up-srso_safe_ret-and-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-cpu-Rename-srso_-.-_alias-to-srso_alias_-1.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-retpoline-kprobes-Fix-position-of-thunk-sections-with-.patch.
- Refresh
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- commit 8b2413e
- netlink: make sure we allow at least one dump skb
(CVE-2025-38465 bsc#1247118).
- netlink: Fix rmem check in netlink_broadcast_deliver()
(CVE-2025-38465 bsc#1247118).
- netlink: Fix wraparounds of sk->sk_rmem_alloc (CVE-2025-38465
bsc#1247118).
- commit 0e7befb
- l2tp: convert l2tp_tunnel_list to idr (CVE-2023-53020 bsc#1240224).
Fix locking imbalance introduced by earlier backport.
(See bsc#1240224 comment 10.)
- Refresh
patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- Refresh
patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
- commit e975b9c
- l2ip: fix possible use-after-free (CVE-2023-53020 bsc#1240224).
A prerequisity for a locking issue fix.
- commit c99f095
- x86/alternatives: Add an ALTERNATIVE_3() macro (git-fixes).
- commit 7cd3769
- x86/alternatives: Print containing function (git-fixes).
- commit 195541d
- x86/alternatives: Add macro comments (git-fixes).
- commit efb228e
- x86/alternative: Merge include files (git-fixes).
- Refresh
patches.suse/x86-lib-atomic64_386_32-rename-things.patch.
- Refresh
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- commit d6a4cdb
- fs: prevent out-of-bounds array speculation when closing a
file descriptor (CVE-2023-53117 bsc#1242780).
- commit f9988ba
- update patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch
Fix locking imbalance in the backport, see bsc#1240224 comment 10.
- commit 5e477f0
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic
context in qfq_delete_class (CVE-2025-38477 bsc#1247314).
- net/sched: Return NULL when htb_lookup_leaf encounters an
empty rbtree (CVE-2025-38468 bsc#1247437).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
(CVE-2025-38477 bsc#1247314).
- commit 7630d26
- x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 42eb2aa
- HID: intel-ish-hid: Fix use-after-free issue in
ishtp_hid_remove() (git-fixes CVE-2025-21928 bsc#1240722).
- commit 1ea59c1
- sched, cpuset: Fix dl_cpu_busy() panic due to empty
cs->cpus_allowed (CVE-2022-50103 bsc#1244840).
- commit 42c9f5e
- btrfs: harden block_group::bg_list against list_del() races (CVE-2025-37856 bsc#1243068)
- commit b816dc5
- crypto: lzo - Fix compression buffer overrun (CVE-2025-38068 bsc#1245210)
- commit 7609c8c
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
(bsc#1242960 CVE-2025-37885).
- commit eff0d4a
- KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
(bsc#242960 CVE-2025-37885).
- commit b7ec59d
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- commit b4fa2d1
- virtio-net: ensure the received length does not exceed allocated
size (CVE-2025-38375 bsc#1247177).
- commit e965903
- vsock/vmci: Clear the vmci transport packet properly when
initializing it (CVE-2025-38403 bsc#1247141).
- commit 42a6e1c
- wifi: carl9170: do not ping device which has failed to load
firmware (CVE-2025-38420 bsc#1247279).
- commit 77ff409
- crypto: qat - resolve race condition during AER recovery
(bsc#1223638 CVE-2024-26974).
- crypto: qat - fix double free during reset (bsc#1223638
CVE-2024-26974).
- commit 839d708
- Update
patches.suse/sch_hfsc-make-hfsc_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-38177 bsc#1245986).
- commit 9499075
- bdi: Fix up kabi for dev_name addition (bsc#1171844).
- bdi: add a ->dev_name field to struct backing_dev_info
(bsc#1171844).
- commit 2563dd2
- Squashfs: check return result of sb_min_blocksize (bsc#1247147
CVE-2025-38415).
- commit 83161f2
- RDMA/core: Always release restrack object (git-fixes)
- commit 1647262
- HID: core: ensure the allocated report buffer can contain the
reserved report ID (CVE-2025-38495 bsc#1247348).
- commit a99e88f
- HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494
bsc#1247349).
- commit a6f63b8
- net/sched: Always pass notifications when child class becomes
empty (CVE-2025-38350 bsc#1246781).
- commit a358033
- usb: host: ohci-ppc-of: Fix refcount leak bug (CVE-2022-50033
bsc#1245139).
- commit 341200f
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent
kernel memory leak (CVE-2022-50226 bsc#1244860).
- commit aa9545e
- l2tp: Don't sleep and disable BH under writer-side
sk_callback_lock (git-fixes).
- Refresh
patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- Refresh
patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
- commit eb080d7
- l2tp: fix a sock refcnt leak in l2tp_tunnel_register
(git-fixes).
- net: fix a concurrency bug in l2tp_tunnel_register()
(bsc#1205711 CVE-2022-4129).
- Refresh
patches.suse/l2tp-Serialize-access-to-sk_user_data-with-sk_callba.patch.
- Refresh
patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- commit 72fa3a1
- loop: Check for overflow while configuring loop (bsc#1245121
CVE-2022-49993).
- blacklist.conf: Remove commit from blacklist
- commit bb8ea17
- jbd2: fix data-race and null-ptr-deref in
jbd2_journal_dirty_metadata() (bsc#1246253 CVE-2025-38337).
- commit 3af075b
- ext4: inline: fix len overflow in ext4_prepare_inline_data
(bsc#1245976 CVE-2025-38222).
- commit 30045aa
- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under
mount_lock (bsc#1245151 CVE-2025-38058).
- commit cc3f42a
- usb: typec: altmodes/displayport: do not index invalid
pin_assignments (CVE-2025-38391 bsc#1247181).
- commit de59e61
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- scsi: core: Fix a procfs host directory removal regression
(git-fixes CVE-2023-53118 bsc#1242365).
- commit 8e14770
- scsi: core: Fix a source code comment (git-fixes).
This isn't super useful per se, but makes applying other patches easier.
- commit a0df70c
- Bluetooth: MGMT: Protect mgmt_pending list with its own lock
(CVE-2025-38117 bsc#1245695).
- commit 59a2ea0
- Refresh
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_priv-ec.patch.
Fix the following warning:
drivers/net/can/dev.c: In function 'can_put_echo_skb':
drivers/net/can/dev.c:451:3: warning: 'return' with a value, in function returning void
- commit 3c66160
- kabi fix for perf/aux: Fix AUX buffer serialization
(bsc#1230581, CVE-2024-46713).
- perf/aux: Fix AUX buffer serialization (bsc#1230581,
CVE-2024-46713).
- commit a370cdb
- iommu/arm-smmu: fix possible null-ptr-deref in
arm_smmu_device_probe() (CVE-2022-49323 bsc#1238400).
- commit 1c0f036
- nvme-tcp: sanitize request list handling (CVE-2025-38264
bsc#1246387).
- commit eab9cf4
- iommu/arm-smmu-v3: check return value after calling
platform_get_resource() (CVE-2022-49319 bsc#1238374).
- commit d41ddd7
- RDMA/core: Update CMA destination address on rdma_resolve_addr (bsc#1210629 CVE-2023-2176)
- commit 45a243e
- Squashfs: check the inode number is not the invalid value of
zero (bsc#1223634 CVE-2024-26982).
- commit d6425c9
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211 bsc#1246008)
- commit e7cb52a
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
Put the same workaround to avoid file truncation of vmlinux and co in
kernel-default-base package, too.
- commit 2329734
- Bluetooth: Replace BT_DBG with bt_dev_dbg for management support
(CVE-2025-38117 bsc#1245695).
- Refresh
patches.suse/Bluetooth-MGMT-Fix-not-checking-if-BT_HS-is-enabled.patch.
- commit c096742
- Bluetooth: Fix spelling mistakes (CVE-2025-38117 bsc#1245695).
- commit 82a31bb
- rpm/kernel-binary.spec.in: Ignore return code from ksymtypes compare
When using suse-kabi-tools, the RPM build invokes 'ksymvers compare' to
compare the resulting symbol CRCs with the reference data. If the values
differ, it then invokes 'ksymtypes compare' to provide a detailed report
explaining why the symbols differ. The build expects the latter
'ksymtypes compare' command to always return zero, even if the two
compared kABI corpuses are different.
This is currently the case for 'ksymtypes compare'. However, I plan to
update the command to return a non-zero code when the comparison detects
any differences. This should ensure consistent behavior with 'ksymvers
compare'.
Since the build uses 'ksymtypes compare' only for more detailed
diagnostics, ignore its return code.
- commit 5ac1381
- net: atm: fix /proc/net/atm/lec handling (CVE-2025-38180
bsc#1245970).
- net: atm: add lec_mutex (CVE-2025-38323 bsc#1246473).
- net: atm: clean up a range check (CVE-2025-38323 bsc#1246473).
- commit 273d1a3
- Bluetooth: fix appearance typo in mgmt.c (CVE-2025-38117
bsc#1245695).
- commit 7c5fd29
- Bluetooth: mgmt: Use struct_size() helper (CVE-2025-38117
bsc#1245695).
- commit 27a3626
- Bluetooth: Use struct_size() helper (CVE-2025-38117
bsc#1245695).
- commit a97aa39
- Bluetooth: mgmt: Use struct_size() helper (CVE-2025-38117
bsc#1245695).
- commit e452cf2
- Bluetooth: Mark expected switch fall-throughs (CVE-2025-38117
bsc#1245695).
- commit 524b16d
- Refresh
patches.suse/ipv6-mcast-add-RCU-protection-to-mld_newpack.patch.
- commit b9c9349
- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
(CVE-2025-38312 bsc#1246386).
- commit aea2659
- kABI workaround for bluetooth hci_dev changes (CVE-2025-38250
bsc#1246182).
- commit 3a445ce
- Bluetooth: hci_core: Fix use-after-free in vhci_flush()
(CVE-2025-38250 bsc#1246182).
- commit 0b02672
- fbcon: Make sure modelist not set on unregistered console (bsc#1245952 CVE-2025-38198)
- commit f64b2f2
- serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
(CVE-2025-38040 bsc#1245078).
- kabi: serial: mctrl_gpio: split disable_ms into sync and
no_sync APIs (CVE-2025-38040 bsc#1245078).
- commit 3c2fda4
- btrfs: fix deadlock when cloning inline extents and using qgroups (CVE-2021-46987 bsc#1220704)
- commit 68d125c
- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (CVE-2025-38034 bsc#1244792)
- commit c1bc05f
- btrfs: do not BUG_ON() when freeing tree block after error (CVE-2024-44963 1230216)
- commit c7b8e6b
- net_sched: red: fix a race in __red_change() (CVE-2025-38108
bsc#1245675).
- net: stmmac: make sure that ptp_rate is not 0 before configuring
timestamping (CVE-2025-38126 bsc#1245708).
- bpf: fix ktls panic with sockmap (CVE-2025-38166 bsc#1245758).
- commit 1452ad9
- perf: Fix sample vs do_exit() (bsc#1246547 CVE-2025-38424 bsc#1247293)
- commit 887b64f
- Update
patches.suse/net-clear-the-dst-when-changing-skb-protocol.patch
(bsc#1245954 CVE-2025-38192).
Fix incorrect CVE reference.
- commit 8a5f77c
- patches.suse/ext4-fix-warning-in-ext4_iomap_begin-as-race-begin-as-race-between.patch:
Remove the patch as it's not needed and is causing deadlocks
(bsc#1246459, bsc#1245115, CVE-2022-50082)
- commit fab7cb7
- net_sched: sch_sfq: reject invalid perturb period
(CVE-2025-38193 bsc#1245945).
- commit b90f28d
- ipc: fix to protect IPCS lookups using RCU (CVE-2025-38212
bsc#1246029).
- commit 3438ce5
- calipso: unlock rcu before returning -EAFNOSUPPORT
(CVE-2025-38147 bsc#1245768).
- calipso: Don't call calipso functions for AF_INET sk
(CVE-2025-38147 bsc#1245768).
- commit 6d3ad82
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
(CVE-2025-38200 bsc#1246045).
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx
(CVE-2025-38094 bsc#1245649).
- commit 3fe4112
- drm/amd/pp: Fix potential NULL pointer dereference in
atomctrl_initialize_mc_reg_table (CVE-2025-38319 bsc#1246243).
- commit 28370d4
- ALSA: usb-audio: Fix out-of-bounds read in
snd_usb_get_audioformat_uac3() (CVE-2025-38249 bsc#1246171).
- commit a7d7572
- iopoll: Introduce read_poll_timeout_atomic macro (CVE-2025-38094
bsc#1245649).
- net: cadence: Fix a sleep-in-atomic-context bug in
macb_halt_tx() (CVE-2025-38094 bsc#1245649).
- commit 94f52a4
- net: clear the dst when changing skb protocol (bsc#1245954
CVE-2024-49861).
- commit c3ead22
- wifi: ath9k_htc: Abort software beacon handling if disabled
(CVE-2025-38157 bsc#1245747).
- commit 2580def
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (CVE-2025-38161 bsc#1245777)
- commit 884e454
- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(CVE-2025-38181 bsc#1246000).
- net_sched: sch_sfq: fix a potential crash on gso_skb handling
(CVE-2025-38115 bsc#1245689).
- commit 4ac1c90
- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt
(bsc#1238160 CVE-2022-49138).
- commit a00d68a
- net: Fix TOCTOU issue in sk_is_readable() (CVE-2025-38112
bsc#1245668).
- commit 5d4114f
- Bluetooth: hci_event: Fix checking for invalid handle on error
status (bsc#1238160 CVE-2022-49138).
- commit c843371
- vgacon: Add check for vc_origin address range in vgacon_scroll()
(CVE-2025-38213 bsc#1246037).
- commit 22c4880
- ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105
bsc#1245682).
- commit 917cf9d
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (CVE-2022-49934
bsc#1245051).
- commit cf69513
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- commit 630f139
- nbd: don't allow reconnect after disconnect (CVE-2025-21731 bsc#1237881).
- commit 8a4b419
- vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074
bsc#1244735).
- commit 18cd652
- Bluetooth: hci_event: Ignore multiple conn complete events
(bsc#1238160 CVE-2022-49138).
- commit a0784d3
- virtgpu: don't reset on shutdown (git-fixes).
- commit b2d9b68
- curl
-
- Security fixes:
* [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
* [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
* Add patches:
- curl-CVE-2025-9086.patch
- curl-CVE-2025-10148.patch
- rsync
-
- Fix bsc#1249363 - rsync client sometimes unable to list modules
* Fix order of arguments in rsync-fix-daemon-proto-32.patch
* Change spec fie to use %patch -P n -p1 syntax to conform to rpmlint