- aaa_base
-
- Add patch git-51-fbf7ee9dc9cd970532a54eed6472d7f3b0e7f431.patch
* If a user switches the login shell respect the already set
PATH environment (bsc#1235481)
- add patch aaa_base-rc.status.patch (bsc#1236033)
(no git, file is gone in factory/tumbleweed)
update detection for systemd in rc.status, mountpoint for
cgroup changed with cgroup2, so just check if pid 1 is systemd
- apparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- augeas
-
- Add patch, fix for bsc#1239909 / CVE-2025-2588:
* CVE-2025-2588.patch
- ca-certificates-mozilla
-
- revert the distrusted certs for now. originally these only
distrust "new issued" certs starting after a certain date,
while old certs should still work. (bsc#1240343)
- remove-distrusted.patch: removed
- cifs-utils
-
- CVE-2025-2312: cifs-utils: cifs.upcall makes an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
* add New-mount-option-for-cifs.upcall-namespace-reso.patch
- containerd
-
- Update to containerd v1.7.27. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.27>
bsc#1239749 CVE-2024-40635
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.26. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.26>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.25. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.25>
<https://github.com/containerd/containerd/releases/tag/v1.7.24>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- lvm2
-
- LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938)
* set lvm.conf devices.multipath_wwids_file=""
- glib2
-
- Add glib2-CVE-2025-3360.patch:
Backport 8d60d7dc from upstream, Fix integer overflow when
parsing very long ISO8601 inputs. This will only happen with
invalid (or maliciously invalid) potential ISO8601 strings,
but `g_date_time_new_from_iso8601()` needs to be robust against
that.
(CVE-2025-3360, bsc#1240897)
- glibc
-
- static-setuid-ld-library-path.patch: elf: Ignore LD_LIBRARY_PATH and
debug env var for setuid for static (CVE-2025-4802, bsc#1243317)
- Add support for userspace livepatching for ppc64le (jsc#PED-11850)
- pthread-wakeup.patch: pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ
#25847)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
- grub2
-
- Fix CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971)
* 0001-kern-rescue_reader-Block-the-rescue-mode-until-the-C.patch
* 0002-commands-search-Introduce-the-cryptodisk-only-argume.patch
* 0003-disk-diskfilter-Introduce-the-cryptocheck-command.patch
* 0004-commands-search-Add-the-diskfilter-support.patch
* 0005-docs-Document-available-crypto-disks-checks.patch
* 0006-disk-cryptodisk-Add-the-erase-secrets-function.patch
* 0007-disk-cryptodisk-Wipe-the-passphrase-from-memory.patch
* 0008-cryptocheck-Add-quiet-option.patch
- patch rebased
* 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
* 0004-Key-revocation-on-out-of-bound-file-access.patch
- patch refreshed
* 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Refresh PPC NVMEoF ofpath related patches to newer revision
* 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
- Patch refreshed
* 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
- Patch obsoleted
* 0004-ofpath-controller-name-update.patch
* 0001-squash-ieee1275-ofpath-enable-NVMeoF-logical-device-.patch
- Fix segmentation fault error in grub2-probe with target=hints_string
(bsc#1235971) (bsc#1235958) (bsc#1239651)
* 0001-ofpath-Add-error-check-in-NVMEoF-device-translation.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#156
- fix network card detection on aarch64 (bsc#1240648)
- 21.88
- iproute2
-
- avoid spurious cgroup warning (bsc#1234383):
- ss-Tone-down-cgroup-path-resolution.patch
- kbd
-
- Don't search for resources in the current directory. It can cause
unwanted side effects or even infinite loop (bsc#1237230,
kbd-ignore-working-directory-1.patch,
kbd-ignore-working-directory-2.patch,
kbd-ignore-working-directory-3.patch).
- kernel-azure
-
- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection
(git-fixes).
- platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO
Wujie 14XA (GX4HRXL) (git-fixes).
- commit fe36676
- check-for-config-changes: Fix flag name typo
- commit 1046b16
- Input: xpad - fix two controller table values (git-fixes).
- Input: mtk-pmic-keys - fix possible null pointer dereference
(git-fixes).
- Input: cyttsp5 - ensure minimum reset pulse width (git-fixes).
- commit bd45eeb
- Move upstreamed sound patch into sorted section
- commit 3442d03
- usb: usbtmc: Fix erroneous generic_read ioctl return
(git-fixes).
- usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes).
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
(git-fixes).
- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT
transition (git-fixes).
- USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes).
- usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version
(git-fixes).
- usb: typec: ucsi: displayport: Fix NULL pointer access
(git-fixes).
- usb: uhci-platform: Make the clock really optional (git-fixes).
- usb: gadget: Use get_status callback to set remote wakeup
capability (git-fixes).
- usb: gadget: f_ecm: Add get_status callback (git-fixes).
- usb: host: tegra: Prevent host controller crash when OTG port
is used (git-fixes).
- usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN
(git-fixes).
- staging: axis-fifo: Remove hardware resets for user errors
(git-fixes).
- staging: axis-fifo: Correct handling of tx_fifo_depth for size
validation (git-fixes).
- iio: adis16201: Correct inclinometer channel resolution
(git-fixes).
- iio: adc: ad7606: fix serial register access (git-fixes).
- staging: iio: adc: ad7816: Correct conditional logic for store
mode (git-fixes).
- iio: temp: maxim-thermocouple: Fix potential lack of DMA safe
buffer (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in
st_lsm6dsx_read_tagged_fifo (git-fixes).
- iio: imu: st_lsm6dsx: fix possible lockup in
st_lsm6dsx_read_fifo (git-fixes).
- iio: accel: adxl367: fix setting odr for activity time update
(git-fixes).
- drm/amdgpu/hdp5.2: use memcfg register to post the write for
HDP flush (git-fixes).
- drm/amd/display: Fix wrong handling for AUX_DEFER case
(git-fixes).
- drm/amd/display: Copy AUX read reply data whenever length >
0 (git-fixes).
- drm/amd/display: Remove incorrect checking in dmub aux handler
(git-fixes).
- drm/amd/display: Shift DMUB AUX reply command if necessary
(git-fixes).
- drm/panel: simple: Update timings for AUO G101EVN010
(git-fixes).
- wifi: cfg80211: fix out-of-bounds access during multi-link
element defragmentation (git-fixes).
- can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes).
- can: mcan: m_can_class_unregister(): fix order of unregistration
calls (git-fixes).
- can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration
calls (git-fixes).
- can: mcp251xfd: fix TDC setting for low data bit rates
(git-fixes).
- irqchip/qcom-mpm: Prevent crash when trying to handle non-wake
GPIOs (git-fixes).
- ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset
(stable-fixes).
- ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface()
(stable-fixes).
- drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes).
- platform/x86/amd: pmc: Require at least 2.5 seconds between
HW sleep cycles (stable-fixes).
- drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp
(stable-fixes).
- ASoC: soc-core: Stop using of_property_read_bool() for
non-boolean properties (stable-fixes).
- ASoC: Use of_property_read_bool() (stable-fixes).
- xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes).
- commit 9628f1b
- dm: fix copying after src array boundaries (git-fixes).
- commit 10c16a9
- dm: add missing unlock on in dm_keyslot_evict() (git-fixes).
- commit a94a8c2
- codel: remove sch->q.qlen check before
qdisc_tree_reduce_backlog() (CVE-2025-37798 bsc#1242414).
- commit 8fb5816
- Update
patches.suse/net-smc-initialize-close_work-early-to-avoid-warning.patch
(CVE-2024-56641 bsc#1235526 bsc#1242985).
- commit d393a0f
- mptcp: fix NULL pointer in can_accept_new_subflow
(CVE-2025-23145 bsc#1242596).
- mptcp: relax check on MPC passive fallback (git-fixes).
- mptcp: refine opt_mp_capable determination (git-fixes).
- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
(git-fixes).
- mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
(git-fixes CVE-2024-35840 bsc#1224597).
- mptcp: strict validation before using mp_opt->hmac (git-fixes).
- commit b0b581d
- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN
(git-fixes).
- blacklist.conf:
- remove the entry for commit be1d9d9d38da which was blacklisted as not
needed because of absence of this backport
- commit 07c39d4
- ax25: Remove broken autobind (CVE-2025-22109 bsc#1241573).
- commit 9a9abc7
- udp: Fix memory accounting leak (CVE-2025-22058 bsc#1241332).
- commit 6a0c03a
- perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172)
- commit bf5ce56
- perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172)
- commit d976f98
- perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172)
- commit bcf5e61
- perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172)
- commit 4647012
- x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006 CVE-2024-28956).
- commit fac02ba
- x86/its: Align RETs in BHB clear sequence to avoid thunking (bsc#1242006 CVE-2024-28956).
- commit 909407f
- x86/its: Add support for RSB stuffing mitigation (bsc#1242006 CVE-2024-28956).
- commit 42d05af
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (bsc#1242006 CVE-2024-28956).
- commit cefce67
- x86/its: Enable Indirect Target Selection mitigation (bsc#1242006 CVE-2024-28956).
- commit 6720dce
- x86/its: Add support for ITS-safe return thunk (bsc#1242006 CVE-2024-28956).
- commit b904ebb
- watch_queue: fix pipe accounting mismatch (CVE-2025-23138 bsc#1241648).
- commit 53d2fbb
- x86/its: Add support for ITS-safe indirect thunk (bsc#1242006 CVE-2024-28956).
- commit 73d0713
- x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006 CVE-2024-28956).
- commit 0ceddfb
- Documentation: x86/bugs/its: Add ITS documentation (bsc#1242006 CVE-2024-28956).
- commit 8fd974a
- vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp
(CVE-2025-37799 bsc#1242283).
- commit f53c65a
- btrfs: always fallback to buffered write if the inode requires
checksum (bsc#1242831 bsc#1242710).
- commit fd92bec
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit
(bsc#1242778).
- commit 7613146
- jbd2: increase IO priority for writing revoke records
(bsc#1242332).
- commit a27757f
- Bluetooth: btnxpuart: Fix kernel panic during FW release
(bsc#1241456 CVE-2025-22102).
- commit 9e6b312
- Bluetooth: btnxpuart: Remove check for CTS low after FW download
(bsc#1241456 CVE-2025-22102).
- commit 43b7feb
- firmware: arm_ffa: Skip Rx buffer ownership release if not
acquired (git-fixes).
- firmware: arm_scmi: Balance device refcount when destroying
devices (git-fixes).
- commit e6126fe
- ext4: goto right label 'out_mmap_sem' in ext4_setattr()
(bsc#1242556).
- commit f73dc04
- mm: fix filemap_get_folios_contig returning batches of identical
folios (bsc#1242327).
- commit ab60c72
- mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT
(bsc#1242326).
- commit eefd306
- mm/readahead: fix large folio support in async readahead
(bsc#1242321).
- commit ca8ae9b
- mm: fix oops when filemap_map_pmd() without prealloc_pte
(bsc#1242546).
- commit d84ed9f
- udf: Fix inode_getblk() return value (bsc#1242313).
- commit 083cf55
- udf: Verify inode link counts before performing rename
(bsc#1242314).
- commit 8e7cda1
- udf: Skip parent dir link count update if corrupted
(bsc#1242315).
- commit 94318f0
- ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557).
- commit 531b964
- ext4: make block validity check resistent to sb bh corruption
(bsc#1242348).
- commit 12e4947
- ext4: don't treat fhandle lookup of ea_inode as FS corruption
(bsc#1242347).
- commit 3337bde
- jbd2: add a missing data flush during file and fs
synchronization (bsc#1242346).
- commit 0ebdf6c
- ext4: don't over-report free space or inodes in statvfs
(bsc#1242345).
- commit c197ee4
- jbd2: fix off-by-one while erasing journal (bsc#1242344).
- commit 362ca97
- jbd2: remove wrong sb->s_sequence check (bsc#1242343).
- commit b288b9a
- ext4: add missing brelse() for bh2 in ext4_dx_add_entry()
(bsc#1242342).
- commit 8643d9f
- ext4: protect ext4_release_dquot against freezing (bsc#1242335).
- commit 532c985
- jbd2: flush filesystem device before updating tail sequence
(bsc#1242333).
- commit 79495ff
- ext4: partial zero eof block on unaligned inode size extension
(bsc#1242336).
- commit 992adfb
- ext4: correct encrypted dentry name hash when not casefolded
(bsc#1242540).
- commit 71bfc00
- ext4: treat end of range as exclusive in ext4_zero_range()
(bsc#1242539).
- commit 8950964
- ext4: unify the type of flexbg_size to unsigned int
(bsc#1242538).
Refresh: patches.suse/ext4-avoid-online-resizing-failures-due-to-oversized.patch
- commit 9b599f9
- jbd2: increase the journal IO's priority (bsc#1242537).
- commit 65fd6c7
- ext4: replace the traditional ternary conditional operator
with with max()/min() (bsc#1242536).
Refresh patches.suse/ext4-move-setting-of-trimmed-bit-into-ext4_try_to_tr.patch
Refresh patches.suse/ext4-fix-inconsistent-between-segment-fstrim-and-ful.patch
- commit 9de0d03
- splice: remove duplicate noinline from pipe_clear_nowait
(bsc#1242328).
- commit 8a9c110
- fs: consistently deref the files table with
rcu_dereference_raw() (bsc#1242535).
- commit 0f7e4fb
- fs: support relative paths with FSCONFIG_SET_STRING (git-fixes).
- commit 51930da
- vfs: don't mod negative dentry count when on shrinker list
(bsc#1242534).
- commit 25c9c4a
- fs: better handle deep ancestor chains in is_subdir()
(bsc#1242528).
Refresh patches.suse/dcache-keep-dentry_hashtable-or-d_hash_shift-even-when-not.patch
- commit 42bc37f
- fs: don't allow non-init s_user_ns for filesystems without
FS_USERNS_MOUNT (bsc#1242526).
- commit 08659e8
- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
(bsc#1242307).
- commit 08eabe6
- Update
patches.suse/OPP-add-index-check-to-assert-to-avoid-buffer-overfl.patch
(bsc#1238961 CVE-2024-57998 bsc#1238527).
- Update
patches.suse/PCI-ASPM-Fix-link-state-exit-during-switch-upstream-.patch
(git-fixes CVE-2024-58093 bsc#1241347).
- Update
patches.suse/RDMA-erdma-Prevent-use-after-free-in-erdma_accept_ne.patch
(git-fixes CVE-2025-22088 bsc#1241528).
- Update
patches.suse/RDMA-mlx5-Fix-mlx5_poll_one-cur_qp-update-flow.patch
(git-fixes CVE-2025-22086 bsc#1241458).
- Update
patches.suse/acpi-nfit-fix-narrowing-conversion-in-acpi_nfit_ctl.patch
(git-fixes CVE-2025-22044 bsc#1241424).
- Update
patches.suse/arm64-Don-t-call-NULL-in-do_compat_alignment_fixup.patch
(git-fixes CVE-2025-22033 bsc#1241436).
- Update
patches.suse/bnxt_en-Mask-the-bd_cnt-field-in-the-TX-BD-properly.patch
(git-fixes CVE-2025-22108 bsc#1241574).
- Update
patches.suse/bpf-avoid-holding-freeze_mutex-during-mmap-operation.patch
(git-fixes CVE-2025-21853 bsc#1239476).
- Update
patches.suse/dlm-prevent-NPD-when-writing-a-positive-value-to-event_done.patch
(git-fixes CVE-2025-23131 bsc#1241601).
- Update
patches.suse/drm-amd-display-avoid-NPD-when-ASIC-does-not-support.patch
(git-fixes CVE-2025-22093 bsc#1241545).
- Update
patches.suse/drm-vkms-Fix-use-after-free-and-double-free-on-init-.patch
(git-fixes CVE-2025-22097 bsc#1241541).
- Update patches.suse/fou-fix-initialization-of-grc.patch
(CVE-2024-46763 bsc#1230764 CVE-2024-46865 bsc#1231103).
- Update
patches.suse/idpf-check-error-for-register_netdev-on-init.patch
(git-fixes CVE-2025-22116 bsc#1241459).
- Update
patches.suse/idpf-fix-adapter-NULL-pointer-dereference-on-reboot.patch
(git-fixes CVE-2025-22065 bsc#1241333).
- Update
patches.suse/jfs-add-check-read-only-before-truncation-in-jfs_truncate_nolock.patch
(git-fixes CVE-2024-58094 bsc#1241443).
- Update
patches.suse/jfs-add-check-read-only-before-txBeginAnon-call.patch
(git-fixes CVE-2024-58095 bsc#1241442).
- Update
patches.suse/media-streamzap-fix-race-between-device-disconnectio.patch
(git-fixes CVE-2025-22027 bsc#1241369).
- Update
patches.suse/net-Add-rx_skb-of-kfree_skb-to-raw_tp_null_args.patch
(bsc#1235501 CVE-2024-56702 CVE-2025-21852 bsc#1239487).
- Update
patches.suse/netfilter-br_netfilter-skip-conntrack-input-hook-for.patch
(CVE-2024-27415 bsc#1224757 CVE-2024-27018 bsc#1223809).
- Update
patches.suse/nfsd-put-dl_stid-if-fail-to-queue-dl_recall.patch
(git-fixes CVE-2025-22025 bsc#1241361).
- Update
patches.suse/ntb_hw_switchtec-Fix-shift-out-of-bounds-in-switchte.patch
(git-fixes CVE-2023-53034 bsc#1241341).
- Update
patches.suse/ocfs2-handle-a-symlink-read-error-correctly.patch
(git-fixes CVE-2024-58001 bsc#1239079).
- Update
patches.suse/rtnetlink-Allocate-vfinfo-size-for-VF-GUIDs-when-sup.patch
(bsc#1224013 CVE-2025-22075 bsc#1241402).
- Update
patches.suse/sctp-add-mutual-exclusion-in-proc_sctp_do_udp_port.patch
(git-fixes CVE-2025-22062 bsc#1241412).
- Update
patches.suse/tcp-fix-mptcp-DSS-corruption-due-to-large-pmtu-xmit.patch
(git-fixes CVE-2024-50083 bsc#1232493).
- Update
patches.suse/thermal-int340x-Add-NULL-check-for-adev.patch
(git-fixes CVE-2025-23136 bsc#1241357).
- Update patches.suse/usbnet-fix-NPE-during-rx_complete.patch
(git-fixes CVE-2025-22050 bsc#1241441).
- Update
patches.suse/wifi-ath11k-Clear-affinity-hint-before-calling-ath11.patch
(git-fixes CVE-2025-23129 bsc#1241599).
- Update
patches.suse/wifi-ath11k-add-srng-lock-for-ath11k_hal_srng_-in-mo.patch
(git-fixes CVE-2024-58096 bsc#1241344).
- Update
patches.suse/wifi-ath11k-fix-RCU-stall-while-reaping-monitor-dest.patch
(git-fixes CVE-2024-58097 bsc#1241343).
- Update
patches.suse/wifi-ath12k-Clear-affinity-hint-before-calling-ath12.patch
(git-fixes CVE-2025-22128 bsc#1241598).
- commit a961a1a
- cifs: Fix integer overflow while processing actimeo mount option
(git-fixes).
- commit 747d942
- iommu: Fix two issues in iommu_copy_struct_from_user()
(git-fixes).
- commit 7b79fa9
- cifs: Fix integer overflow while processing acdirmax mount
option (CVE-2025-21963 bsc#1240717).
- commit 5907e46
- cifs: Fix integer overflow while processing acregmax mount
option (CVE-2025-21964 bsc#1240740).
- commit a723b7b
- cifs: Fix integer overflow while processing closetimeo mount
option (CVE-2025-21962 bsc#1240655).
- commit 03a43b4
- mptcp: consolidate suboption status (CVE-2025-21707
bsc#1238862).
- commit 18d9efe
- powerpc: Don't use --- in kernel logs (git-fixes).
- commit df3b280
- tools/hv: update route parsing in kvp daemon (git-fixes).
- commit 2e81126
- bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704
CVE-2025-21683).
- commit e163503
- i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes).
- ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence
(git-fixes).
- ALSA: hda/realtek: Fix built-mic regression on other ASUS models
(git-fixes).
- ALSA: hda/realtek - Enable speaker for HP platform (git-fixes).
- commit 5b6152a
- spi: tegra114: Don't fail set_cs_timing when delays are zero
(git-fixes).
- drm/i915/pxp: fix undefined reference to
`intel_pxp_gsccs_is_ready_for_sessions' (git-fixes).
- drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS
(git-fixes).
- drm/fdinfo: Protect against driver unbind (git-fixes).
- drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
(git-fixes).
- drm/amd/display: Force full update in gpu reset (stable-fixes).
- ata: libata-scsi: Improve CDL control (git-fixes).
- ata: libata-scsi: Fix ata_msense_control_ata_feature()
(git-fixes).
- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return
type (git-fixes).
- USB: serial: simple: add OWON HDS200 series oscilloscope support
(stable-fixes).
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical
Probe (stable-fixes).
- USB: serial: option: add Sierra Wireless EM9291 (stable-fixes).
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash
Drive (stable-fixes).
- USB: VLI disk crashes if LPM is used (stable-fixes).
- USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes).
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
(stable-fixes).
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
(stable-fixes).
- mei: me: add panther lake H DID (stable-fixes).
- spi: tegra210-quad: add rate limiting and simplify timeout
error message (stable-fixes).
- spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for
timeouts (stable-fixes).
- ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes).
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
(stable-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes).
- ntb: reduce stack usage in idt_scan_mws (stable-fixes).
- rtc: pcf85063: do a SW reset if POR failed (stable-fixes).
- thunderbolt: Scan retimers after device router has been
enumerated (stable-fixes).
- usb: host: xhci-plat: mvebu: use ->quirks instead of
->init_quirk() func (stable-fixes).
- usb: gadget: aspeed: Add NULL pointer check in
ast_vhub_init_dev() (stable-fixes).
- usb: dwc3: gadget: Avoid using reserved endpoints on Intel
Merrifield (stable-fixes).
- usb: dwc3: gadget: Refactor loop to avoid NULL endpoints
(stable-fixes).
- usb: host: max3421-hcd: Add missing spi_device_id table
(stable-fixes).
- sound/virtio: Fix cancel_sync warnings on uninitialized
work_structs (stable-fixes).
- dmaengine: dmatest: Fix dmatest waiting less when interrupted
(stable-fixes).
- iio: adc: ad7768-1: Fix conversion result sign (git-fixes).
- iio: adc: ad7768-1: Move setting of val a bit later to avoid
unnecessary return value check (stable-fixes).
- pinctrl: renesas: rza2: Fix potential NULL pointer dereference
(stable-fixes).
- crypto: ccp - Add support for PCI device 0x1134 (stable-fixes).
- auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes).
- auxdisplay: hd44780: Convert to platform remove callback
returning void (stable-fixes).
- commit fe3cf03
- net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (CVE-2025-22107 bsc#1241575)
- commit 673084b
- ibmvnic: Use kernel helpers for hex dumps (CVE-2025-22104 bsc#1241550)
- commit 44ef4eb
- dm: always update the array size in realloc_argv on success
(git-fixes).
- commit 80e573b
- dm-bufio: don't schedule in atomic context (git-fixes).
- commit 59b9988
- dm-ebs: fix prefetch-vs-suspend race (git-fixes).
- commit 89effad
- dm-verity: fix prefetch-vs-suspend race (git-fixes).
- commit 6899d31
- dm-integrity: set ti->error on memory allocation failure
(git-fixes).
- commit 3c1b2c7
- netfilter: nf_tables: don't unregister hook when table is
dormant (CVE-2025-22064 bsc#1241413).
- commit 3c82332
- net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes).
- commit a110462
- net_sched: qfq: Fix double list add in class with netem as
child qdisc (git-fixes).
- commit 8e1bbd0
- net_sched: ets: Fix double list add in class with netem as
child qdisc (git-fixes).
- commit 2e9fa99
- net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (git-fixes).
- commit 3f5a489
- net_sched: drr: Fix double list add in class with netem as
child qdisc (git-fixes).
- commit 4947830
- ax25: Fix refcount leak caused by setting SO_BINDTODEVICE
sockopt (CVE-2025-21792 bsc#1238745).
- commit 2ffce83
- ipv6: mcast: add RCU protection to mld_newpack() (CVE-2025-21758
bsc#1238737).
- commit 4b8b3e5
- Bluetooth: btusb: avoid NULL pointer dereference in
skb_dequeue() (git-fixes).
- wifi: brcm80211: fmac: Add error handling for
brcmf_usb_dl_writeimage() (git-fixes).
- wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
(git-fixes).
- commit 470cfc0
- net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
(CVE-2025-21768 bsc#1238714).
- commit ed713b9
- kABI workaround struct rcu_head and ax25_ptr (CVE-2025-21812
bsc#1238471).
- commit 714a2d7
- btrfs: fix block group refcount race in
btrfs_create_pending_block_groups() (bsc#1241578
CVE-2025-22115).
- commit 1f7a10d
- Refresh
patches.kabi/kabi-fix-for-bpf-Prevent-tailcall-infinite-loop-caus.patch.
Piggyback kABI workaround for "struct bpf_subprog_info" for upstream
commit 51081a3f25c7 "bpf: track changes_pkt_data property for global
functions".
- commit bf7c4bc
- Add missing bugzilla references (CVE-2025-22105 bsc#1241548 CVE-2025-37860 bsc#1241452)
- commit 00ec2e2
- atm: Fix NULL pointer dereference (CVE-2025-22018 bsc#1241266)
- commit 8ef48c7
- bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (CVE-2024-58070 bsc#1238983)
- commit 335e132
- iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833, bsc#1239108).
- commit 069abee
- sfc: fix NULL dereferences in ef100_process_design_param()
(CVE-2025-37860).
- net: mvpp2: Prevent parser TCAM memory corruption
(CVE-2025-22060 bsc#1241526).
- bonding: check xdp prog when set bond mode (CVE-2025-22105).
- bonding: return detailed error when loading native XDP fails
(CVE-2025-22105).
- commit 1110c2d
- ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
(bsc#1242044).
- commit 43160c9
- Correct the upstream version numbers in the previous patches
- commit 6f72baf
- mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe
(git-fixes).
- platform/x86/intel-uncore-freq: Fix missing uncore sysfs during
CPU hotplug (git-fixes).
- commit f912ebf
- Require zstd in kernel-default-devel when module compression is zstd
To use ksym-provides tool modules need to be uncompressed.
Without zstd at least kernel-default-base does not have provides.
Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- commit a3262dd
- net: ibmveth: make veth_pool_store stop hanging (CVE-2025-22053
bsc#1241373).
- commit 509c07e
- powerpc/boot: Fix dash warning (bsc#1215199).
- commit aeb4455
- exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029
bsc#1241378).
- commit f780e88
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
(CVE-2025-22045 bsc#1241433).
- commit 1e24dab
- powerpc/boot: Check for ld-option support (bsc#1215199).
- commit 333e1e5
- selftests/bpf: extend changes_pkt_data with cases w/o
subprograms (bsc#1241590).
- bpf: fix null dereference when computing changes_pkt_data of
prog w/o subprogs (bsc#1241590).
- selftests/bpf: validate that tail call invalidates packet
pointers (bsc#1241590).
- bpf: consider that tail calls invalidate packet pointers
(bsc#1241590).
- selftests/bpf: freplace tests for tracking of
changes_packet_data (bsc#1241590).
- bpf: check changes_pkt_data property for extension programs
(bsc#1241590).
- Refresh patches.kabi/kabi-fix-for-bpf-Prevent-tailcall-infinite-loop-caus.patch
- selftests/bpf: test for changing packet data from global
functions (bsc#1241590).
- bpf: track changes_pkt_data property for global functions
(bsc#1241590).
- bpf: refactor bpf_helper_changes_pkt_data to use helper number
(bsc#1241590).
- bpf: add find_containing_subprog() utility function
(bsc#1241590).
- commit e531d2b
- Update
patches.suse/memstick-rtsx_usb_ms-Fix-slab-use-after-free-in-rtsx.patch
(bsc#1241280 CVE-2025-22020).
Added CVE reference
- commit 80d99d3
- enable IMA (bsc#1240617)
- commit 8a22da8
- Fixup breakage in ext2 introduced by backporting in:
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch.
- commit b7c808a
- cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error
path (git-fixes).
- eth: bnxt: fix missing ring index trim on error path
(git-fixes).
- igc: add lock preventing multiple simultaneous PTM transactions
(git-fixes).
- igc: cleanup PTP module if probe fails (git-fixes).
- igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes).
- igc: move ktime snapshot into PTM retry loop (git-fixes).
- igc: increase wait time before retrying PTM (git-fixes).
- igc: fix PTM cycle trigger logic (git-fixes).
- idpf: fix adapter NULL pointer dereference on reboot
(git-fixes).
- e1000e: change k1 configuration on MTP and later platforms
(git-fixes).
- gve: handle overflow when reporting TX consumed descriptors
(git-fixes).
- net/mlx5e: SHAMPO, Make reserved size independent of page size
(git-fixes).
- vdpa/mlx5: Fix oversized null mkey longer than 32bit
(git-fixes).
- idpf: check error for register_netdev() on init (git-fixes).
- ice: stop truncating queue ids when checking (git-fixes).
- virtchnl: make proto and filter action count unsigned
(git-fixes).
- ice: fix reservation of resources for RDMA when disabled
(git-fixes).
- net/mlx5: Start health poll after enable hca (git-fixes).
- bnxt_en: Linearize TX SKB if the fragments exceed the max
(git-fixes).
- bnxt_en: Mask the bd_cnt field in the TX BD properly
(git-fixes).
- net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context
(git-fixes).
- igb: reject invalid external timestamp requests for 82580-based
HW (git-fixes).
- net/mlx5e: Prevent bridge link show failure for
non-eswitch-allowed devices (git-fixes).
- net/mlx5: Lag, Check shared fdb before creating MultiPort
E-Switch (git-fixes).
- net/mlx5: Fill out devlink dev info only for PFs (git-fixes).
- net/mlx5: IRQ, Fix null string in debug print (git-fixes).
- gve: set xdp redirect target only when it is available
(git-fixes).
- ice: Add check for devm_kzalloc() (git-fixes).
- commit 8b3f5c6
- ext4: fix OOB read when checking dotdot dir (bsc#1241640
CVE-2025-37785).
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
(bsc#1241593 CVE-2025-22121).
- proc: fix UAF in proc_get_inode() (bsc#1240802 CVE-2025-21999).
- fs: relax assertions on failure to encode file handles
(bsc#1236086 CVE-2024-57924).
- commit 0e972d0
- net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926
bsc#1240712).
- commit a0db76b
- jfs: add sanity check for agwidth in dbMount (git-fixes).
- commit 8faa28a
- jfs: Prevent copying of nlink with value 0 from disk inode
(git-fixes).
- commit eea1d40
- fs/jfs: Prevent integer overflow in AG size calculation
(git-fixes).
- commit fce66a4
- fs/jfs: cast inactags to s64 to prevent potential overflow
(git-fixes).
- commit 8b1cc16
- jfs: Fix uninit-value access of imap allocated in the diMount()
function (git-fixes).
- commit 5b527ae
- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
(git-fixes).
- drm/amd/display: Fix gpu reset in multidisplay config
(git-fixes).
- Revert "drm/meson: vclk: fix calculation of 59.94 fractional
rates" (git-fixes).
- commit 9f8b470
- block: integrity: Do not call set_page_dirty_lock() (git-fixes).
- loop: stop using vfs_iter_{read,write} for buffered I/O
(git-fixes).
- loop: LOOP_SET_FD: send uevents for partitions (git-fixes).
- loop: properly send KOBJ_CHANGED uevent for disk device
(git-fixes).
- block: fix resource leak in blk_register_queue() error path
(git-fixes).
- block: make sure ->nr_integrity_segments is cloned in
blk_rq_prep_clone (git-fixes).
- badblocks: fix missing bad blocks on retry in _badblocks_check()
(git-fixes).
- badblocks: fix merge issue when new badblocks align with pre+1
(git-fixes).
- badblocks: fix the using of MAX_BADBLOCKS (git-fixes).
- badblocks: return error if any badblock set fails (git-fixes).
- badblocks: return error directly when setting badblocks exceeds
512 (git-fixes).
- badblocks: Fix error shitf ops (git-fixes).
- blk-throttle: fix lower bps rate by throtl_trim_slice()
(git-fixes).
- block: change blk_mq_add_to_batch() third argument type to bool
(git-fixes).
- block: fix conversion of GPT partition name to 7-bit
(git-fixes).
- ublk: set_params: properly check if parameters can be applied
(git-fixes).
- block: fix 'kmem_cache of name 'bio-108' already exists'
(git-fixes).
- commit 607aa83
- drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is
enabled (git-fixes).
- commit 03063eb
- USB: wdm: add annotation (git-fixes).
- USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context
(git-fixes).
- USB: wdm: close race between wdm_open and wdm_wwan_port_stop
(git-fixes).
- USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes).
- usb: dwc3: gadget: check that event count does not exceed
event buffer length (git-fixes).
- usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes).
- usb: cdns3: Fix deadlock when using NCM gadget (git-fixes).
- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error
handling (git-fixes).
- usb: chipidea: ci_hdrc_imx: fix call balance of regulator
routines (git-fixes).
- serial: sifive: lock port in startup()/shutdown() callbacks
(git-fixes).
- serial: msm: Configure correct working mode before starting
earlycon (git-fixes).
- misc: microchip: pci1xxxx: Fix incorrect IRQ status handling
during ack (git-fixes).
- misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler
registration (git-fixes).
- string: Add load_unaligned_zeropad() code path to
sized_strscpy() (git-fixes).
- kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes).
- Revert "wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue()" (git-fixes).
- wifi: mac80211: Update skb's control block key in
ieee80211_tx_dequeue() (git-fixes).
- selftests/mm: generate a temporary mountpoint for cgroup
filesystem (git-fixes).
- selftests/futex: futex_waitv wouldblock test should fail
(git-fixes).
- phy: freescale: imx8m-pcie: assert phy reset and perst in
power off (git-fixes).
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
(stable-fixes).
- ktest: Fix Test Failures Due to Missing LOG_FILE Directories
(stable-fixes).
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
(stable-fixes).
- wifi: ath12k: Fix invalid data access in
ath12k_dp_rx_h_undecap_nwifi (stable-fixes).
- wifi: ath12k: Fix invalid entry fetch in
ath12k_dp_mon_srng_process (stable-fixes).
- net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes).
- media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes).
- mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two
halves (stable-fixes).
- pm: cpupower: bench: Prevent NULL dereference on malloc failure
(stable-fixes).
- commit b154b2c
- drm/tests: probe-helper: Fix drm_display_mode memory leak
(git-fixes).
- drm/tests: modes: Fix drm_display_mode memory leak (git-fixes).
- drm/tests: cmdline: Fix drm_display_mode memory leak
(git-fixes).
- drm/tests: helpers: Create kunit helper to destroy a
drm_display_mode (stable-fixes).
- drm/i915/gvt: fix unterminated-string-initialization warning
(stable-fixes).
- drm/i915: Disable RPG during live selftest (git-fixes).
- gpio: zynq: Fix wakeup source leaks on device unbind
(stable-fixes).
- drm/amd: Handle being compiled without SI or CIK support better
(stable-fixes).
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power
on/off (stable-fixes).
- drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
(stable-fixes).
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in
amd_powerplay_create() (stable-fixes).
- drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes).
- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
(stable-fixes).
- drm/amdkfd: Fix mode1 reset crash issue (stable-fixes).
- drm/amdkfd: clamp queue size to minimum (stable-fixes).
- drm/amd/display: add workaround flag to link to force FFE preset
(stable-fixes).
- drm/bridge: panel: forbid initializing a panel with unknown
connector type (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini
(Intel) (stable-fixes).
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2
(stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
(stable-fixes).
- drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS
and KB (stable-fixes).
- drm: panel-orientation-quirks: Add support for AYANEO 2S
(stable-fixes).
- drm: allow encoder mode_set even when connectors change for crtc
(stable-fixes).
- fbdev: omapfb: Add 'plane' value check (stable-fixes).
- drm/tests: helpers: Fix compiler warning (git-fixes).
- drm/tests: helpers: Add helper for
drm_display_mode_from_cea_vic() (stable-fixes).
- drm/i915/dg2: wait for HuC load completion before running
selftests (stable-fixes).
- drm/tests: Add helper to create mock crtc (stable-fixes).
- commit a0a41da
- char: misc: register chrdev region with all possible minors
(git-fixes).
- Revert "drivers: core: synchronize really_probe() and
dev_uevent()" (stable-fixes).
- Bluetooth: l2cap: Process valid commands in too long frame
(stable-fixes).
- drivers: base: devres: Allow to release group on device release
(stable-fixes).
- Bluetooth: hci_uart: Fix another race during initialization
(git-fixes).
- Bluetooth: hci_uart: fix race during initialization
(stable-fixes).
- cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk
(stable-fixes).
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller
(stable-fixes).
- ASoC: amd: yc: update quirk data for new Lenovo model
(stable-fixes).
- ASoC: fsl_audmix: register card device depends on 'dais'
property (stable-fixes).
- ASoC: SOF: topology: Use krealloc_array() to replace krealloc()
(stable-fixes).
- ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes).
- ALSA: usb-audio: Fix CME quirk for UF series keyboards
(stable-fixes).
- ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
(stable-fixes).
- ALSA: hda: intel: Fix Optimus when GPU has no sound
(stable-fixes).
- drm/tests: Add helper to create mock plane (stable-fixes).
- drm/tests: helpers: Add atomic helpers (stable-fixes).
- drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+
(stable-fixes).
- commit 58c19a1
- Update
patches.suse/vmxnet3-unregister-xdp-rxq-info-in-the-reset-path.patch
(bsc#1241394 CVE-2025-22106 bsc#1241547).
- commit a998629
- mm: (un)track_pfn_copy() fix + doc improvements (CVE-2025-22090
bsc#1241537).
- commit 1ccdfdd
- x86/mm/pat: Fix VM_PAT handling when fork() fails in
copy_page_range() (CVE-2025-22090 bsc#1241537).
- commit f0ac623
- exfat: fix random stack corruption after get_block (bsc#1241426
CVE-2025-22036).
- commit 1f685c3
- exfat: do not fallback to buffered write (git-fixes).
- commit f7d2bc8
- exfat: drop ->i_size_ondisk (git-fixes).
- commit 9420be9
- fs/ntfs3: Prevent integer overflow in hdr_first_de()
(bsc#1241416 CVE-2025-22080).
- commit 401237e
- clk: samsung: Fix UBSAN panic in samsung_clk_init()
(CVE-2025-39728 bsc#1241626).
- commit 146debe
- net: phy: leds: fix memory leak (git-fixes).
- net: phy: microchip: force IRQ polling mode for lan88xx
(git-fixes).
- crypto: atmel-sha204a - Set hwrng quality to lowest possible
(git-fixes).
- commit 007e98d
- net: ethtool: Don't call .cleanup_data when prepare_data fails
(git-fixes).
- ethtool: Fix set RXNFC command with symmetric RSS hash
(git-fixes).
- ethtool: Fix wrong mod state in case of verbose and no_mask
bitset (git-fixes).
- ethtool: Fix context creation with no parameters (git-fixes).
- ethtool: fix setting key and resetting indir at once
(git-fixes).
- ethtool: rss: echo the context number back (git-fixes).
- net: ethtool: Fix RSS setting (git-fixes).
- ethtool: netlink: do not return SQI value if link is down
(git-fixes).
- ethtool: netlink: Add missing ethnl_ops_begin/complete
(git-fixes).
- ethtool: don't propagate EOPNOTSUPP from dumps (git-fixes).
- ethtool: plca: fix plca enable data type while parsing the value
(git-fixes).
- commit 6a09a48
- OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961)
- commit 2e43a01
- Test the correct macro to detect RT kernel build
Fixes: 470cd1a41502 ("kernel-binary: Support livepatch_rt with merged RT branch")
- commit 50e863e
- mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111
CVE-2025-21696).
Refreshed:
patches.suse/mm-hugetlb-Add-huge-page-size-param-to-huge_ptep_get_and_clear.patch
- commit e18d57e
- bpf: Make sure internal and UAPI bpf_redirect flags don't
overlap (bsc#1233098 CVE-2024-50163).
- commit f73adfb
- bpf: selftests: send packet to devmap redirect XDP (bsc#1233075
CVE-2024-50162).
- bpf: devmap: provide rxq after redirect (bsc#1233075
CVE-2024-50162).
- commit efb272f
- mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111
CVE-2025-21696).
Refreshed:
patches.suse/mm-hugetlb-Add-huge-page-size-param-to-huge_ptep_get_and_clear.patch
- commit 559ab65
- mm/migrate: fix shmem xarray update during migration
(CVE-2025-22015 bsc#1240944).
- commit 18f748b
- fou: fix initialization of grc (CVE-2024-46763 bsc#1230764).
- commit c144530
- kernel-source: Also update the search to match bin/env
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env")
- commit bae6b69
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
Both spellings are actually used
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- commit d9e0b30
- fou: Fix null-ptr-deref in GRO (CVE-2024-46763 bsc#1230764).
- commit 759f2a9
- hwpoison, memory_hotplug: lock folio before unmap hwpoisoned
folio (CVE-2025-21931 bsc#1240709).
- commit 1ece281
- net: fix geneve_opt length integer overflow (CVE-2025-22055
bsc#1241371).
- commit 45017c8
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
(git-fixes).
- irqchip/davinci: Remove leftover header (git-fixes).
- tty: n_tty: use uint for space returned by tty_write_room()
(git-fixes).
- commit 2e047cb
- kABI fix for sctp: detect and prevent references to a freed
transport in sendmsg (git-fixes).
- commit ce43999
- wifi: ath11k: update channel list in reg notifier instead reg
worker (CVE-2025-23133 bsc#1241451).
- commit dfc599a
- exfat: short-circuit zero-byte writes in exfat_file_write_iter
(git-fixes).
- commit c31ee51
- exfat: fix soft lockup in exfat_clear_bitmap (git-fixes).
- commit 527ed08
- nfsd: decrease sc_count directly if fail to queue dl_recall
(git-fixes).
- commit 91b68ee
- nfs: add missing selections of CONFIG_CRC32 (git-fixes).
- commit f409d6e
- nvmet-fcloop: swap list_add_tail arguments (git-fixes).
- nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes).
- nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
(git-fixes).
- nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes).
- nvme-pci: skip CMB blocks incompatible with PCI P2P DMA
(git-fixes).
- nvme-pci: clean up CMBMSC when registering CMB fails
(git-fixes).
- nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes).
- commit bf9d0e5
- Move upstreamed smb patch into sorted section
Also move other out-of-tree patches into the proper section
- commit ba77adc
- rpm/kernel-binary.spec.in: revert the revert change with OrderWithRequires
The recent change using OrderWithRequires addresses the known issues,
but also caused regressions for the existing image or package builds.
For SLE15-SPx, better to be conservative and stick with the older way.
- commit bbe05e4
- Refresh
patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch.
scripts/gen-suse_version_h.sh requires bash, yet in Makefile
CONFIG_SHELL is defined to 'sh'. In openSUSE and SUSE products 'sh' is a
symbolic link to 'bash', hence this isn't a problem. However, on
distributions like Debian and Ubuntu, 'sh' is symbolically linked to
'dash' instead, and gen-suse_version_h.sh will fail to run with
./scripts/gen-suse_version_h.sh: 3: Syntax error: "(" unexpected
make[1]: *** [/home/runner/work/libbpf/libbpf/.kernel/Makefile:1135: include/generated/uapi/linux/suse_version.h] Error 2
make: *** [Makefile:224: __sub-make] Error 2
Explicitly use bash to run scripts/gen-suse_version_h.sh to make sure
it will always work.
- commit 2be3c0f
- scsi: iscsi: Fix missing scsi_host_put() in error path
(git-fixes).
- scsi: hisi_sas: Enable force phy when SATA disk directly
connected (git-fixes).
- scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag
(git-fixes).
- scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes).
- scsi: mpt3sas: Fix a locking bug in an error path (git-fixes).
- scsi: mpi3mr: Fix locking in an error path (git-fixes).
- scsi: mpt3sas: Reduce log level of ignore_delay_remove message
to KERN_INFO (git-fixes).
- scsi: core: Use GFP_NOIO to avoid circular locking dependency
(git-fixes).
- commit c9f2a96
- net: annotate data-races around sk->sk_tx_queue_mapping
(git-fixes).
- commit 39ebbf2
- sctp: detect and prevent references to a freed transport in
sendmsg (git-fixes).
- commit 1334236
- sctp: add mutual exclusion in proc_sctp_do_udp_port()
(git-fixes).
- commit 711cff2
- sctp: Fix undefined behavior in left shift operation
(git-fixes).
- commit a1edf61
- netpoll: Use rcu_access_pointer() in netpoll_poll_lock
(git-fixes).
- commit 4965a27
- tcp: fix mptcp DSS corruption due to large pmtu xmit
(git-fixes).
- commit ba5be47
- sctp: ensure sk_state is set to CLOSED if hashing fails in
sctp_listen_start (git-fixes).
- commit a7b311d
- sctp: fix association labeling in the duplicate COOKIE-ECHO case
(git-fixes).
- commit f2ab0aa
- sctp: prefer struct_size over open coded arithmetic (git-fixes).
- commit e26aab9
- net: blackhole_dev: fix build warning for ethh set but not used
(git-fixes).
- commit 9f9bf2f
- net: sctp: fix skb leak in sctp_inq_free() (git-fixes).
- commit ef140e3
- sctp: fix busy polling (git-fixes).
- commit 533e122
- sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes).
- commit 1e9a8f7
- i2c: cros-ec-tunnel: defer probe if parent EC is not present
(git-fixes).
- commit 68f8146
- vmxnet3: unregister xdp rxq info in the reset path
(bsc#1241394).
- vmxnet3: Fix tx queue race condition with XDP (bsc#1241394).
- commit d09ed0e
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
(git-fixes).
- commit 53f07fb
- Refresh patches.suse/ALSA-hda-realtek-Workaround-for-resume-on-Dell-Venue.patch
The patch was applied incorrectly to a wrong device
- commit cf41ba6
- Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes).
- wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes).
- wifi: mac80211: Purge vif txq in ieee80211_do_stop()
(git-fixes).
- wifi: at76c50x: fix use after free access in at76_disconnect
(git-fixes).
- Bluetooth: l2cap: Check encryption key size on incoming
connection (git-fixes).
- Bluetooth: btrtl: Prevent potential NULL dereference
(git-fixes).
- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for
invalid address (git-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
(git-fixes).
- ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes).
- ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
(git-fixes).
- ASoC: qcom: Fix sc7280 lpass potential buffer overflow
(git-fixes).
- asus-laptop: Fix an uninitialized variable (git-fixes).
- ata: libata-sata: Save all fields from sense data descriptor
(git-fixes).
- commit b064ee6
- smb: client: fix folio leaks and perf improvements (bsc#1239997,
bsc#1241265).
- commit 3640faf
- net: mark racy access on sk->sk_rcvbuf (git-fixes).
- commit c7df85a
- net: set SOCK_RCU_FREE before inserting socket into hashtable
(git-fixes).
- commit 469342f
- net: annotate data-races around sk->sk_dst_pending_confirm
(git-fixes).
- commit ddac370
- Refresh patches.suse/x86-paravirt-Move-halt-paravirt-calls-under-CONFIG_PARAVIR.patch.
This fixes a build error
- commit 885e121
- ipv4: fib: annotate races around nh->nh_saddr_genid and
nh->nh_saddr (git-fixes).
- commit 42e44b7
- rpm/kernel-binary.spec.in: Also order against update-bootloader
(boo#1228659, boo#1240785, boo#1241038).
- commit fe0a8c9
- crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes).
- commit 004010d
- selftests/bpf: Add a few tests to cover (git-fixes).
- bpf: Add missed var_off setting in coerce_subreg_to_size_sx()
(git-fixes).
- bpf: Add missed var_off setting in set_sext32_default_val()
(git-fixes).
- commit 07fae33
- Drop PCI patch that caused a regression (bsc#1241123)
The patch patches.suse/PCI-Avoid-reset-when-disabled-via-sysfs.patch
seems to be causing a regression about missing device passthrough on VM.
Drop it to address the regression.
- commit 5845d87
- bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
(bsc#1240181 CVE-2025-21867).
- commit 82a6d4f
- Revert commit (bsc#1241051)
Delete
patches.suse/mm-various-give-up-if-pte_offset_map-_lock-fails.patch.
- commit c63b737
- rpm/package-descriptions: Add rt and rt_debug descriptions
- commit 09573c0
- fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64()
(bsc#1241250).
- commit a11e79b
- x86/microcode/AMD: Split load_microcode_amd() (git-fixes).
- Refresh
patches.suse/x86-microcode-AMD-Fix-out-of-bounds-on-systems-with-.patch.
- commit e4a11da
- x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes).
- commit 581b74c
- x86/microcode/intel: Set new revision only after a successful update (git-fixes).
- commit 7ef0614
- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes).
- commit 0584d8b
- btrfs: fix hole expansion when writing at an offset beyond EOF
(bsc#1241151).
- btrfs: fix swap file activation failure due to extents that
used to be shared (bsc#1241204).
- btrfs: fix race with memory mapped writes when activating swap
file (bsc#1241204).
- btrfs: fix missing snapshot drew unlock when root is dead
during swap activation (bsc#1241204).
- btrfs: add and use helper to verify the calling task has locked
the inode (bsc#1241204).
- commit d9b6443
- sched: address a potential NULL pointer dereference in the
GRED scheduler (CVE-2025-21980 bsc#1240809).
- commit ce44194
- net: atm: fix use after free in lec_send() (CVE-2025-22004
bsc#1240835).
- commit 0623761
- llc: do not use skb_get() before dev_queue_xmit()
(CVE-2025-21925 bsc#1240713).
- commit 79eced9
- tools/power turbostat: report CoreThr per measurement interval
(git-fixes).
- commit d3776d1
- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes).
- Refresh
patches.suse/x86-microcode-AMD-Flush-patch-buffer-mapping-after-applica.patch.
- commit 88521da
- x86/microcode: Rework early revisions reporting (git-fixes).
- Refresh
patches.suse/x86-microcode-AMD-Flush-patch-buffer-mapping-after-applica.patch.
- commit 4d17d9e
- ax25: rcu protect dev->ax25_ptr (CVE-2025-21812 bsc#1238471).
- commit 5fd1fff
- x86/microcode: Remove the driver announcement and version (git-fixes).
- commit 46995b1
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- commit d56cfaf
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- commit d95d976
- Refresh
patches.suse/ipv6-remove-hard-coded-limitation-on-ipv6_pinfo.patch.
- commit 0200f55
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
(git-fixes).
- commit 6eab8d6
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- commit df4a06f
- x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes).
- commit 3abf82a
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes).
- commit 9a5f9b4
- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes).
- commit a987e8f
- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes).
- commit b668be3
- x86/bugs: Add RSB mitigation document (git-fixes).
- commit b8dad0f
- x86/bugs: Don't fill RSB on context switch with eIBRS (git-fixes).
- commit 187dbce
- x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline (git-fixes).
- commit 4f16d88
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- commit fb3ed54
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- commit 4702713
- x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes).
- commit 05f7f50
- selftest/bpf: Add vsock test for sockmap rejecting unconnected
(bsc#1239470 CVE-2025-21854).
- selftest/bpf: Adapt vsock_delete_on_close to sockmap rejecting
unconnected (bsc#1239470 CVE-2025-21854).
- vsock/bpf: Warn on socket without transport (bsc#1239470
CVE-2025-21854).
- commit 9aa107b
- tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192
(bsc#1241175).
- commit b06e876
- sockmap, vsock: For connectible sockets allow only connected
(bsc#1239470 CVE-2025-21854).
- bpf: sockmap, test for unconnected af_unix sock (bsc#1239470
CVE-2025-21854).
- Refresh patches.suse/selftest-bpf-Add-test-for-af_vsock-poll.patch
- bpf: syzkaller found null ptr deref in unix_bpf proto add
(bsc#1239470 CVE-2025-21854).
- Refresh patches.suse/udp-fix-busy-polling.patch
- Refresh
patches.suse/bpf-sockmap-SK_DROP-on-attempted-redirects-of-unsupported-.patch
- commit 62e8475
- bpf, vsock: Invoke proto::close on close() (bsc#1239470 CVE-2025-21854).
- Refresh
patches.suse/vsock-Keep-the-binding-until-socket-destruction.patch.
- Refresh patches.suse/vsock-Orphan-socket-after-transport-release.patch
- commit a88600e
- selftest/bpf: Add test for vsock removal from sockmap on close()
(bsc#1239470 CVE-2025-21854).
- selftest/bpf: Add test for af_vsock poll() (bsc#1239470
CVE-2025-21854).
- bpf, vsock: Fix poll() missing a queue (bsc#1239470
CVE-2025-21854).
- commit 43f792d
- RDMA/core: Silence oversized kvmalloc() warning (git-fixes)
- commit 0801938
- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes)
- commit 8be4a6f
- RDMA/hns: Fix wrong maximum DMA segment size (git-fixes)
- commit 9a0c549
- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes)
- commit 7bf895d
- net: xdp: Disallow attaching device-bound programs in generic
mode (bsc#1238742 CVE-2025-21808).
- commit c2feb9e
- md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212)
Also reenable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch
- commit 22ce219
- bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088 bsc#1239510)
- commit a5b985f
- dpll: fix xa_alloc_cyclic() error handling (CVE-2025-22016 bsc#1240934)
- commit 2521b46
- devlink: fix xa_alloc_cyclic() error handling (CVE-2025-22017 bsc#1240936)
- commit 6e391e8
- zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with
TIF_SIGPENDING (bsc#1241167).
- commit 2fe69fb
- caif_virtio: fix wrong pointer check in cfv_probe()
(CVE-2025-21904 bsc#1240576).
- commit 9a83e3e
- Refresh
patches.kabi/kABI-fix-for-ipv6-remove-hard-coded-limitation-on-ip.patch.
- commit 81847b0
- xfs: flush inodegc before swapon (git-fixes).
- commit c599968
- net: mana: Switch to page pool for jumbo frames (git-fixes).
- RDMA/mana_ib: Ensure variable err is initialized (git-fixes).
- x86/hyperv: Fix check of return value from snp_set_vmsa()
(git-fixes).
- commit 2b709c0
- pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes).
- pwm: rcar: Improve register calculation (git-fixes).
- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
(git-fixes).
- commit 9d83cd0
- ata: sata_sx4: Add error handling in pdc20621_i2c_read()
(git-fixes).
- ata: pata_pxa: Fix potential NULL pointer dereference in
pxa_ata_probe() (git-fixes).
- commit dcc1d06
- kABI workaround for powercap update (bsc#1241010).
- commit 6da4ad4
- drm/amd/display: Fix out-of-bound accesses (bsc#1240811 CVE-2025-21985)
- commit f9ae89c
- Revert "tcp: Fix bind() regression for v6-only wildcard and"
This reverts commit 10a8fd3005bd56ac305a4a4e9bf53cfc50aad28f.
This patch is part of a bigger series [0] and AFAIU can't be applied
individually. Applying the entire series would result in kABI breakage.
[0]
https://lore.kernel.org/all/20231213082029.35149-1-kuniyu@amazon.com/
- commit 9692530
- Update
patches.suse/Bluetooth-Add-check-for-mgmt_alloc_skb-in-mgmt_devic.patch
(git-fixes CVE-2025-21936 bsc#1240716).
- Update
patches.suse/Bluetooth-Add-check-for-mgmt_alloc_skb-in-mgmt_remot.patch
(git-fixes CVE-2025-21937 bsc#1240643).
- Update
patches.suse/Bluetooth-Fix-error-code-in-chan_alloc_skb_cb.patch
(git-fixes CVE-2025-22007 bsc#1240829).
- Update
patches.suse/HID-appleir-Fix-potential-NULL-dereference-at-raw-ev.patch
(git-fixes CVE-2025-21948 bsc#1240703).
- Update
patches.suse/HID-hid-steam-Fix-use-after-free-when-detaching-devi.patch
(git-fixes CVE-2025-21923 bsc#1240691).
- Update
patches.suse/HID-ignore-non-functional-sensor-in-HP-5MP-Camera.patch
(stable-fixes CVE-2025-21992 bsc#1240796).
- Update
patches.suse/HID-intel-ish-hid-Fix-use-after-free-issue-in-ishtp_.patch
(git-fixes CVE-2025-21928 bsc#1240722).
- Update
patches.suse/KVM-arm64-Unconditionally-save-flush-host-FPSIMD-SVE-SME-state.patch
(git-fixes CVE-2025-22013 bsc#1240938).
- Update
patches.suse/RDMA-hns-Fix-soft-lockup-during-bt-pages-loop.patch
(git-fixes CVE-2025-22010 bsc#1240943).
- Update
patches.suse/accel-qaic-Fix-integer-overflow-in-qaic_validate_req.patch
(git-fixes CVE-2025-22001 bsc#1240873).
- Update
patches.suse/bus-mhi-host-pci_generic-Use-pci_try_reset_function-.patch
(git-fixes CVE-2025-21951 bsc#1240718).
- Update
patches.suse/can-ucan-fix-out-of-bound-read-in-strscpy-source.patch
(git-fixes CVE-2025-22003 bsc#1240825).
- Update
patches.suse/cdx-Fix-possible-UAF-error-in-driver_override_show.patch
(git-fixes CVE-2025-21915 bsc#1240594).
- Update
patches.suse/dm-flakey-Fix-memory-corruption-in-optional-corrupt_.patch
(git-fixes CVE-2025-21966 bsc#1240779).
- Update
patches.suse/drivers-virt-acrn-hsm-Use-kzalloc-to-avoid-info-leak.patch
(git-fixes CVE-2025-21950 bsc#1240719).
- Update
patches.suse/drm-amd-display-Assign-normalized_pix_clk-when-color.patch
(stable-fixes CVE-2025-21956 bsc#1240739).
- Update
patches.suse/drm-amd-display-Fix-null-check-for-pipe_ctx-plane_st-374c9fa.patch
(git-fixes CVE-2025-21941 bsc#1240701).
- Update
patches.suse/drm-amd-display-Fix-slab-use-after-free-on-hdcp_work.patch
(git-fixes CVE-2025-21968 bsc#1240783).
- Update
patches.suse/drm-hyperv-Fix-address-space-leak-when-Hyper-V-DRM-d.patch
(git-fixes CVE-2025-21978 bsc#1240806).
- Update
patches.suse/drm-radeon-fix-uninitialized-size-issue-in-radeon_vc.patch
(git-fixes CVE-2025-21996 bsc#1240801).
- Update
patches.suse/drm-sched-Fix-fence-reference-count-leak.patch
(git-fixes CVE-2025-21995 bsc#1240821).
- Update
patches.suse/gpio-aggregator-protect-driver-attr-handlers-against.patch
(git-fixes CVE-2025-21943 bsc#1240647).
- Update
patches.suse/gpio-rcar-Use-raw_spinlock-to-protect-register-acces.patch
(stable-fixes CVE-2025-21912 bsc#1240584).
- Update
patches.suse/msft-hv-3170-net-mana-cleanup-mana-struct-after-debugfs_remove.patch
(git-fixes CVE-2025-21953 bsc#1240727).
- Update
patches.suse/net_sched-Prevent-creation-of-classes-with-TC_H_ROOT.patch
(git-fixes CVE-2025-21971 bsc#1240799).
- Update
patches.suse/nvme-tcp-fix-potential-memory-corruption-in-nvme_tcp.patch
(git-fixes CVE-2025-21927 bsc#1240714).
- Update
patches.suse/rapidio-add-check-for-rio_add_net-in-rio_scan_alloc_.patch
(git-fixes CVE-2025-21935 bsc#1240700).
- Update
patches.suse/rapidio-fix-an-API-misues-when-rio_add_net-fails.patch
(git-fixes CVE-2025-21934 bsc#1240708).
- Update
patches.suse/regulator-check-that-dummy-regulator-has-been-probed.patch
(stable-fixes CVE-2025-22008 bsc#1240942).
- Update
patches.suse/regulator-dummy-force-synchronous-probing.patch
(git-fixes CVE-2025-22009 bsc#1240940).
- Update
patches.suse/slimbus-messaging-Free-transaction-ID-in-delayed-int.patch
(git-fixes CVE-2025-21914 bsc#1240595).
- Update
patches.suse/soc-qcom-pdr-Fix-the-potential-deadlock.patch
(git-fixes CVE-2025-22014 bsc#1240937).
- Update
patches.suse/usb-atm-cxacru-fix-a-flaw-in-existing-endpoint-check.patch
(git-fixes CVE-2025-21916 bsc#1240582).
- Update
patches.suse/usb-renesas_usbhs-Flush-the-notify_hotplug_work.patch
(git-fixes CVE-2025-21917 bsc#1240596).
- Update patches.suse/usb-typec-ucsi-Fix-NULL-pointer-access.patch
(git-fixes CVE-2025-21918 bsc#1240592).
- Update
patches.suse/wifi-cfg80211-cancel-wiphy_work-before-freeing-wiphy.patch
(git-fixes CVE-2025-21979 bsc#1240808).
- Update
patches.suse/wifi-cfg80211-regulatory-improve-invalid-hints-check.patch
(git-fixes CVE-2025-21910 bsc#1240583).
- Update
patches.suse/wifi-iwlwifi-limit-printed-string-from-FW-file.patch
(git-fixes CVE-2025-21905 bsc#1240575).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-try-to-talk-to-a-dead-firmwar.patch
(git-fixes CVE-2025-21930 bsc#1240715).
- Update
patches.suse/wifi-nl80211-reject-cooked-mode-if-it-is-set-along-w.patch
(git-fixes CVE-2025-21909 bsc#1240590).
- commit a467018
- affs: don't write overlarge OFS data block size fields
(git-fixes).
- commit 334bc15
- affs: generate OFS sequence numbers starting at 1 (git-fixes).
- commit f93c833
- nfsd: put dl_stid if fail to queue dl_recall (git-fixes).
- commit 4b6b673
- security, lsm: Introduce security_mptcp_add_subflow()
(bsc#1240375).
- Refresh
patches.suse/net-better-track-kernel-sockets-lifetime.patch.
- commit bd8699b
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- commit c784a67
- powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010).
- commit 2a705e9
- powercap: intel_rapl: Introduce APIs for PMU support
(bsc#1241010).
- commit b0e2847
- drm/amd: Keep display off while going into S4 (stable-fixes).
- Refresh
patches.suse/drm-amd-display-Restore-correct-backlight-brightness.patch.
- commit e9996bf
- drm/sti: remove duplicate object names (git-fixes).
- drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes).
- drm/amd/pm/smu11: Prevent division by zero (git-fixes).
- drm/amdgpu/dma_buf: fix page_link check (git-fixes).
- drm/i915/huc: Fix fence not released on early probe errors
(git-fixes).
- gpio: tegra186: fix resource handling in ACPI probe path
(git-fixes).
- mtd: rawnand: Add status chack in r852_ready() (git-fixes).
- mtd: inftlcore: Add error check for inftl_read_oob()
(git-fixes).
- ntb: use 64-bit arithmetic for the MSI doorbell mask
(git-fixes).
- ntb_hw_switchtec: Fix shift-out-of-bounds in
switchtec_ntb_mw_set_trans (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
(stable-fixes).
- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes).
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
(stable-fixes).
- wifi: mac80211: flush the station before moving it to
UN-AUTHORIZED state (stable-fixes).
- platform/x86/intel/vsec: Add Diamond Rapids support
(stable-fixes).
- platform/x86: intel-hid: fix volume buttons on Microsoft
Surface Go 4 tablet (stable-fixes).
- wifi: brcmfmac: keep power during suspend if board requires it
(stable-fixes).
- wifi: iwlwifi: mvm: use the right version of the rate API
(stable-fixes).
- wifi: iwlwifi: fw: allocate chained SG tables for dump
(stable-fixes).
- HID: i2c-hid: improve i2c_hid_get_report error message
(stable-fixes).
- ntb: Force physically contiguous allocation of rx ring buffers
(git-fixes).
- ntb_perf: Fix printk format (git-fixes).
- commit a733ec5
- netfilter: br_netfilter: skip conntrack input hook for promisc
packets (CVE-2024-27415 bsc#1224757).
- commit 01cefc0
- kabi: restore layout of struct nf_ct_hook after backport of
commit 62e7151ae3eb (CVE-2024-27415 bsc#1224757).
- netfilter: bridge: confirm multicast packets before passing
them up the stack (CVE-2024-27415 bsc#1224757).
- commit 69425e5
- netfilter: xtables: fix typo causing some targets not to load
on IPv6 (CVE-2024-50038 bsc#1231910).
- netfilter: xtables: avoid NFPROTO_UNSPEC where needed
(CVE-2024-50038 bsc#1231910).
- commit 9ec5161
- net: mctp: unshare packets when reassembling (CVE-2025-21972
bsc#1240813).
- commit 5878b19
- Reapply "Merge remote-tracking branch 'origin/users/sjaeckel/SLE15-SP6/for-next' into SLE15-SP6"
This reverts commit 9b78ca60e10c64a737b9db2b85fdd944daac6ae6.
- commit 157dbaf
- net/tcp: refactor tcp_inet6_sk() (git-fixes).
- commit 459f538
- ntb_perf: Delete duplicate dmaengine_unmap_put() call in
perf_copy_chunk() (git-fixes).
- commit eeb7f74
- ntb: intel: Fix using link status DB's (git-fixes).
- commit a988a90
- s390/cio: Fix CHPID "configure" attribute caching (git-fixes
bsc#1240979).
- commit a947a32
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes
bsc#1240978).
- commit 610fa90
- wifi: ath11k: fix memory leak in ath11k_xxx_remove()
(git-fixes).
- Refresh
patches.suse/wifi-ath11k-choose-default-PM-policy-for-hibernation.patch.
- Refresh
patches.suse/wifi-ath11k-support-non-WoWLAN-mode-suspend-as-well.patch.
- commit 5ef71a9
- Update upstream status for ath11k patches
- commit 42fd2e8
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
We now have LD_CAN_USE_KEEP_IN_OVERLAY since commit:
e7607f7d6d81 ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
- commit 7b55ff2
- perf tools: annotate asm_pure_loop.S (bsc#1239906).
- commit a3afe13
- perf/core: Order the PMU list to fix warning about unordered
pmu_ctx_list (bsc#1240585 CVE-2025-21895).
- commit c393384
- io_uring/kbuf: reallocate buf lists on upgrade (CVE-2025-21836
bsc#1239066).
- commit 1c3b3b4
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
OrderWithRequires was introduced in rpm 4.9 (i.e. SLE12+) to allow
a package to inform the order of installation of another package without
hard requiring that package. This means our kernel-binary packages no
longer need to hard require perl-Bootloader or dracut, resolving the
long-commented issue there. This is also needed for udev & systemd-boot
to ensure those packages are installed before being called by dracut
(boo#1228659)
- commit 634be2c
- usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes).
- commit 88d79df
- bpf: avoid holding freeze_mutex during mmap operation
(git-fixes).
- bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic
(git-fixes).
- selftests/bpf: Add test for narrow ctx load for pointer args
(git-fixes).
- bpf: Check size for BTF-based ctx access of pointer members
(git-fixes).
- bpf: Fix theoretical prog_array UAF in __uprobe_perf_func()
(git-fixes).
- bpf: fix potential error return (git-fixes).
- commit 59fa8cd
- tty: serial: 8250: Add Brainboxes XC devices (stable-fixes).
- tty: serial: 8250: Add some more device IDs (stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
(stable-fixes).
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
(stable-fixes).
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
(stable-fixes).
- drm/dp_mst: Add a helper to queue a topology probe
(stable-fixes).
- drm/dp_mst: Factor out function to queue a topology probe work
(stable-fixes).
- commit dcc0903
- scsi: qla1280: Fix kernel oops when debug level > 2 (CVE-2025-21957 bsc#1240742)
- commit bd3922a
- io_uring: prevent opcode speculation (CVE-2025-21863
bsc#1239475).
- commit cf2b4a4
- wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (CVE-2025-21729 bsc#1237874)
- commit dfb7d10
- OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (CVE-2024-58068 bsc#1238961)
- commit b424f57
- net: let net.core.dev_weight always be non-zero (CVE-2025-21806 bsc#1238746)
- commit c6ce075
- Refresh patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch
Drop redundant mutex lock that was forgotten
- commit 8253168
- net/mlx5: Bridge, fix the crash caused by LAG state check
(CVE-2025-21970 bsc#1240819).
- eth: bnxt: do not update checksum in bnxt_xdp_build_skb()
(CVE-2025-21960 bsc#1240815).
- eth: bnxt: fix truesize for mb-xdp-pass case (CVE-2025-21961
bsc#1240816).
- net/mlx5: handle errors in mlx5_chains_create_table()
(CVE-2025-21975 bsc#1240812).
- commit 5bfb0f9
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less
NUMA nodes (CVE-2025-21991 bsc#1240795).
- x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range()
(CVE-2025-21913 bsc#1240591).
- commit 718ae0d
- NFS: fix nfs_release_folio() to not deadlock via kcompactd
writeback (CVE-2025-21908 bsc#1240600).
- commit a2db92f
- kABI workaround for l2cap_conn changes (CVE-2025-21969
bsc#1240784).
- commit 0c8af58
- Bluetooth: L2CAP: Fix corrupted list in hci_chan_del
(CVE-2025-21969 bsc#1240784).
- commit 730e49a
- Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
(CVE-2025-21969 bsc#1240784).
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in
ibft_attr_show_nic() (CVE-2025-21993 bsc#1240797).
- commit 80da9db
- drm/amdgpu/gfx11: fix num_mec (git-fixes).
- drm/amd/pm: Prevent division by zero (git-fixes).
- Input: pm8941-pwrkey - fix dev_dbg() output in
pm8941_pwrkey_irq() (git-fixes).
- Input: synaptics - hide unused smbus_pnp_ids[] array
(git-fixes).
- commit d5f05d8
- powercap: intel_rapl_tpmi: Fix bogus register reading
(git-fixes).
- commit 4482ca3
- powercap: intel_rapl_tpmi: Ignore minor version change
(git-fixes).
- commit 8f97ff8
- powercap: dtpm_devfreq: Fix error check against
dev_pm_qos_add_request() (git-fixes).
- commit 5af8777
- powercap: intel_rapl_tpmi: Fix System Domain probing
(git-fixes).
- commit cb855f9
- usbnet:fix NPE during rx_complete (git-fixes).
- platform/x86: ISST: Correct command storage data length
(git-fixes).
- ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes).
- ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns
(git-fixes).
- ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment
(git-fixes).
- ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error
path (git-fixes).
- firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on
success (git-fixes).
- ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook
model (git-fixes).
- ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook
X515JA (git-fixes).
- commit e1c84cd
- vsock: Orphan socket after transport release (CVE-2025-21755 bsc#1237882)
- commit 6317d55
- tpm_tis: Use responseRetry to recover from data transfer errors
(bsc#1235870).
- commit 6e4dc96
- tpm_tis: Move CRC check to generic send routine (bsc#1235870).
- Refresh patches.suse/tpm_tis-Resend-command-to-recover-from-data-transfer.patch
- commit 66fe063
- Delete patches.suse/tpm-send_data-Wait-longer-for-the-TPM-to-become-read.patch.
To be replaced with upstream fix.
- commit d0fcf25
- rtnetlink: Allocate vfinfo size for VF GUIDs when supported
(bsc#1224013).
- commit 34e3f46
- kernel-binary: Support livepatch_rt with merged RT branch
- commit 470cd1a
- arm64: Don't call NULL in do_compat_alignment_fixup() (git-fixes)
- commit 249080a
- arm64: mm: Correct the update of max_pfn (git-fixes)
- commit b6d4b51
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- commit 2ecc734
- tpm, tpm_tis: Workaround failed command reception on Infineon
devices (bsc#1235870).
- commit cc21438
- ice: fix memory leak in aRFS after reset (CVE-2025-21981
bsc#1240612).
- ppp: Fix KMSAN uninit-value warning with bpf (CVE-2025-21922
bsc#1240639).
- net: hns3: make sure ptp clock is unregister and freed
if hclge_ptp_get_cycle returns an error (CVE-2025-21924
bsc#1240720).
- net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
(CVE-2025-21894 bsc#1240581).
- net: enetc: Replace ifdef with IS_ENABLED (CVE-2025-21894
bsc#1240581).
- commit e9dce38
- wifi: iwlwifi: mvm: clean up ROC on failure (CVE-2025-21906
bsc#1240587).
- commit 887f91d
- lib: scatterlist: fix sg_split_phys to preserve original
scatterlist offsets (git-fixes).
- acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
(git-fixes).
- commit ea68f49
- smb: client: fix open_cached_dir retries with 'hard' mount
option (bsc#1240616).
- commit 504723c
- exfat: fix the infinite loop in exfat_find_last_cluster()
(git-fixes).
- commit 8b30c73
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML
This option is dynamically enabled to build-test different configurations.
This makes run_oldconfig.sh complain sporadically for arm64.
- commit 8fbe8b1
- net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124
bsc#1234074).
- commit ea48905
- sctp: fix possible UAF in sctp_v6_available() (CVE-2024-53139
bsc#1234157).
- commit 779dfcf
- usb: xhci: correct debug message page size calculation
(git-fixes).
- ucsi_ccg: Don't show failed to get FW build information error
(git-fixes).
- serial: 8250_dma: terminate correct DMA in tx_dma_flush()
(git-fixes).
- tty: serial: fsl_lpuart: disable transmitter before changing
RS485 related registers (git-fixes).
- staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes).
- counter: microchip-tcb-capture: Fix undefined counter channel
state on probe (git-fixes).
- counter: stm32-lptimer-cnt: fix error handling when enabling
(git-fixes).
- ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO
event-handlers (git-fixes).
- objtool: Fix segfault in ignore_unreachable_insn() (git-fixes).
- objtool, media: dib8000: Prevent divide-by-zero in
dib8000_set_dds() (git-fixes).
- objtool, spi: amd: Fix out-of-bounds stack access in
amd_set_spi_freq() (git-fixes).
- counter: fix privdata alignment (git-fixes).
- commit 8ea2563
- Move upstreamed ACPI patch into sorted section
- commit 871d0d6
- tty: serial: lpuart: only disable CTS instead of overwriting
the whole UARTMODIR register (git-fixes).
- PCI: histb: Fix an error handling path in histb_pcie_probe()
(git-fixes).
- PCI: Fix BAR resizing when VF BARs are assigned (git-fixes).
- PCI: Fix reference leak in pci_register_host_bridge()
(git-fixes).
- commit 808a9df
- net: better track kernel sockets lifetime (CVE-2025-21884
bsc#1240171).
- net: Add net_passive_inc() and net_passive_dec() (CVE-2025-21884
bsc#1240171).
- commit 741fa11
- Update
patches.suse/RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch
(git-fixes bsc#1239925).
- Update
patches.suse/kABI-fix-for-RDMA-core-Don-t-expose-hw_counters-outs.patch
(git-fixes bsc#1239925).
Add bug reference.
- commit 8eef29b
- Revert "Merge remote-tracking branch 'origin/users/sjaeckel/SLE15-SP6/for-next' into SLE15-SP6"
This reverts commit bb7a7b2a95aa93ef5db11cca2317b7fe59e19e38, reversing
changes made to ac2aed10902386a981d430e6af9b7946722682ea.
- commit 9b78ca6
- arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052)
- commit ff26688
- Refresh
patches.suse/net-usb-usbnet-restore-usb-d-name-exception-for-loca.patch.
Moved into place as merged upstream
- commit 098c735
- arch_topology: init capacity_freq_ref to 0 (bsc#1238052)
- commit c70af66
- cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052)
Keep the feature disabled by default on x86_64
- commit 0ffcad3
- cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052)
- commit 7e63d78
- arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052)
- commit eb90de6
- arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052)
- commit 1d57e2b
- arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052)
- commit 3eb3994
- topology: Set capacity_freq_ref in all cases (bsc#1238052)
- commit d357c02
- arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052)
- commit c2cc745
- arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052)
- commit 679001e
- cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052)
- commit bad5fb8
- sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052)
- commit be4a850
- selftests: mptcp: close fd_in before returning in main_loop
(git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop
(git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
(git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
(git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire
slave device (git-fixes).
- bus: mhi: host: Fix race between unprepare and queue_buf
(git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct
mode claim fails (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching
oversampling ratio (git-fixes).
- driver core: Remove needless return in void API
device_remove_group() (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- commit 0fbd190
- uprobes: Reject the shared zeropage in uprobe_write_opcode() (CVE-2025-21881 bsc#1240185)
- commit 8483377
- scsi: ufs: core: bsg: Fix crash when arpmb command fails (CVE-2025-21873 bsc#1240184)
- commit 8b26b99
- xhci: Fix null pointer dereference during S4 resume when
resetting ep0 (bsc#1235550).
- commit 647e59a
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
Replace our patch with the upstream version.
- Delete
patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch.
- commit 9580b87
- kABI fix for RDMA/core: Don't expose hw_counters outside (git-fixes)
- commit 6079f81
- RDMA/core: Don't expose hw_counters outside of init net namespace (git-fixes)
- commit f134527
- xhci: fix possible null pointer deref during xhci urb enqueue
(bsc#1235550).
- commit e4d47e4
- xhci: Reconfigure endpoint 0 max packet size only during
endpoint reset (bsc#1235550).
- commit fe44e60
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- commit a2f9145
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- commit e2a4340
- bpf: Add tracepoints with null-able arguments (bsc#1235501
CVE-2024-56702).
- commit 60ddcfa
- net: Add rx_skb of kfree_skb to raw_tp_null_args (bsc#1235501
CVE-2024-56702).
- commit 2f246d2
- bpf: Augment raw_tp arguments with PTR_MAYBE_NULL (bsc#1235501
CVE-2024-56702).
- commit bd84127
- CIFS: New mount option for cifs.upcall namespace resolution
(CVE-2025-2312 bsc#1239684).
- commit b749482
- ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (CVE-2025-21887 bsc#1240176)
- commit d9e7d31
- mptcp: always handle address removal under msk socket lock (CVE-2025-21875 bsc#1240168)
- commit ae417d1
- perf/core: Add RCU read lock protection to perf_iterate_ctx() (CVE-2025-21889 bsc#1240167)
- commit 6d49490
- nvkm: correctly calculate the available space of the GSP cmdq buffer (CVE-2024-58018 bsc#1238990)
- commit 3fbbd2b
- team: prevent adding a device which is already a team device lower (CVE-2024-58071 bsc#1238970)
- commit 0e6515d
- mm/page_alloc: fix memory accept before watermarks gets
initialized (bsc#1239600).
- commit 10a4fc6
- netfilter: allow exp not to be removed in nf_ct_find_expectation
(CVE-2023-52927 bsc#1239644).
- commit 67af0a4
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- commit c4c365f
- nvme: move error logging from nvme_end_req() to __nvme_end_req()
(git-fixes).
- commit c939fa2
- nvme-fc: rely on state transitions to handle connectivity loss
(git-fixes bsc#1222649).
- commit 0e1fcfd
- nvme: allow passthru cmd error logging (git-fixes).
Refresh:
- patches.suse/nvme-fix-multipath-batched-completion-accounting.patch
- patches.suse/nvme-use-srcu-for-iterating-namespace-list.patch
- patches.suse/nvme-split-off-tls-sysfs-attributes-into-a-separate-group.patch
- commit ca344c0
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- commit aad868b
- nvmet-fc: Remove unused functions (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection()
(git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly
ordered arch (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
(git-fixes).
- nvmet: remove old function prototype (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state
(git-fixes bsc#1222649).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv
done (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
(git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting
(git-fixes bsc#1222649).
Refresh:
- patches.suse/nvme-fc-use-ctrl-state-getter.patch
- nvme-fc: go straight to connecting state when initializing
(git-fixes bsc#1222649).
- commit 22d62a2
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- commit bea89fa
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- commit 3224bb8
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- commit bcfde59
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- commit 4d30cdc
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- commit 49aa8a8
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- commit eb80776
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- commit b4f3b31
- idpf: fix checksums set in idpf_rx_rsc() (CVE-2025-21890
bsc#1240173).
- ice: Fix deinitializing VF in error path (CVE-2025-21883
bsc#1240189).
- ipvlan: ensure network headers are in skb linear part
(CVE-2025-21891 bsc#1240186).
- commit ac7a561
- Update
patches.suse/RDMA-bnxt_re-Fix-the-page-details-for-the-srq-create.patch
(git-fixes CVE-2025-21885 bsc#1240169).
- Update
patches.suse/RDMA-mlx5-Fix-a-WARN-during-dereg_mr-for-DM-type.patch
(git-fixes CVE-2025-21888 bsc#1240177).
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistra.patch
(git-fixes CVE-2025-21886 bsc#1240188).
- Update
patches.suse/RDMA-mlx5-Fix-the-recovery-flow-of-the-UMR-QP.patch
(git-fixes CVE-2025-21892 bsc#1240175).
- Update
patches.suse/i2c-npcm-disable-interrupt-enable-bit-before-devm_re.patch
(git-fixes CVE-2025-21878 bsc#1240192).
- Update
patches.suse/ibmvnic-Don-t-reference-skb-after-sending-to-VIOS.patch
(CVE-2025-21858 bsc#1239468 CVE-2025-21855 bsc#1239484).
- Update patches.suse/iommu-vt-d-Fix-suspicious-RCU-usage.patch
(git-fixes CVE-2025-21876 bsc#1240179).
- Update
patches.suse/ndisc-use-RCU-protection-in-ndisc_alloc_skb.patch
(bsc#1239994 CVE-2025-21764 bsc#1237885).
- Update
patches.suse/powerpc-code-patching-Disable-KASAN-report-during-pa.patch
(bsc#1215199 CVE-2025-21869 bsc#1240182).
- Update
patches.suse/usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch
(git-fixes CVE-2025-21877 bsc#1240172).
- commit 9c6e710
- Update
patches.suse/block-fix-integer-overflow-in-BLKSECDISCARD.patch
(git-fixes CVE-2024-49994 bsc#1225770 bsc#1237757).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(jsc#PED-12416 CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-validate-slices-count-returned-by-FW.patch
(jsc#PED-12416 CVE-2024-38606 bsc#1226871).
- Update
patches.suse/dm-raid-Fix-WARN_ON_ONCE-check-for-sync_thread-in-ra.patch
(git-fixes CVE-2024-43820 bsc#1229311).
- Update
patches.suse/fbdev-pxafb-Fix-possible-use-after-free-in-pxafb_tas.patch
(stable-fixes CVE-2024-49924 bsc#1232364).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479 bsc#1225742).
- Update
patches.suse/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
(git-fixes CVE-2024-53063 bsc#1233557 bsc#1225742).
- commit e0b966a
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- commit 34587d0
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- commit 2fa0f31
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- commit b249c41
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- commit 0fe5ca5
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- commit e5c2137
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- commit 3634652
- power: supply: max77693: Fix wrong conversion of charge input
threshold value (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing
IRQ type (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in
intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call
(git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call
(git-fixes).
- backlight: led_bl: Hold led_access lock when calling
led_sysfs_disable() (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res
PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
(git-fixes).
- Revert "leds-pca955x: Remove the unused function
pca95xx_num_led_regs()" (stable-fixes).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - remove access to parity register for QAT GEN4
(git-fixes).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment
(git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length
(git-fixes).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- lib: 842: Improve error handling in sw842_compress()
(git-fixes).
- commit 8ad02d4
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
(git-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows
(git-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Use scoped variables with memory allocators to
simplify error paths (stable-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Remove extern from function prototypes
(stable-fixes).
- commit 87db269
- ocfs2: mark dquot as inactive if failed to start trans while
releasing dquot (git-fixes).
- commit 54dc104
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- commit 73be6ce
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- commit ef7689a
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- commit cc4c3a7
- ocfs2: handle a symlink read error correctly (git-fixes).
- commit 79c2998
- dlm: prevent NPD when writing a positive value to event_done
(git-fixes).
- commit 8f717c8
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- commit bb32126
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- commit 45fdfe2
- jfs: add check read-only before truncation in
jfs_truncate_nolock() (git-fixes).
- commit 88c1bf9
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- commit 7ae1e64
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- commit fd3fbef
- Move upstreamed nfsd and sunrpc patches into sorted section
- commit 8ca9bbb
- Move upstreamed PCI and initramfs patches into sorted section
- commit 66970bb
- Move upstreamed powerpc and SCSI patches into sorted section
- commit 21807c4
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
(git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures
(git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx
without data payload (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling
(git-fixes).
- PCI: brcmstb: Fix error path after a call to
regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Use internal register to change link capability
(git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up
(git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
(git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
(git-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed
(git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge()
(git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function
removal (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB
(git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
(git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL
ptr (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
(git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on
failure (git-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering
DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC
timing (git-fixes).
- drm/msm/dpu: don't use active in atomic_check() (git-fixes).
- drm/amd/display: fix type mismatch in
CalculateDynamicMetadataParameters() (git-fixes).
- drm/amdkfd: Fix Circular Locking Dependency in
'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting"
(git-fixes).
- drm/repaper: fix integer overflows in repeat functions
(git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message
(git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro
(git-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register
access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables
(git-fixes).
- drm/vkms: Fix use after free and double free on init error
(git-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed
correctly (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
(git-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- mdacon: rework dependency list (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null
pointer check (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status
(git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- regulator: check that dummy regulator has been probed before
using it (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
(git-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
(stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size
(stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path
(git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling
(stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task()
(stable-fixes).
- commit 0b221d1
- mptcp: pm: only set fullmesh for subflow endp (CVE-2025-21706 bsc#1238528)
- commit 1499b76
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
(git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- ioam6: improve checks on user data (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- commit 2678976
- af_unix: Remove put_pid()/put_cred() in copy_peercred()
(bsc#1240334).
- commit 3c2ac6a
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- commit 73d1c92
- Reapply "wifi: ath11k: restore country code during resume"
(bsc#1207948).
- wifi: ath11k: choose default PM policy for hibernation
(bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well
(bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume()
(bsc#1207948).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume()
(bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model
(bsc#1207948).
- commit 776bdcc
- tee: optee: Fix supplicant wait loop (CVE-2025-21871
bsc#1240183).
- ASoC: SOF: ipc4-topology: Harden loops for looking up ALH
copiers (CVE-2025-21870 bsc#1240191).
- commit d4df66d
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of
qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap()
calls (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe() (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values
(git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries
(git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo()
(git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION
before comparison (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel
(git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc
(git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC
(git-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format
(git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in
mt7915_muru_stats_show() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- wifi: rtw89: fw: correct debug message format in
rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data
(git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails
(git-fixes).
- wifi: ath12k: Clear affinity hint before calling
ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath11k: Clear affinity hint before calling
ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor
mode (git-fixes).
- wifi: ath11k: fix RCU stall while reaping monitor destination
ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS
Capability (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool
(git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command
(git-fixes).
- broadcom: fix supported flag check in periodic output function
(git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
(git-fixes).
- commit 62d1ca7
- drop_monitor: fix incorrect initialization order (CVE-2025-21862
bsc#1239474).
- rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
(CVE-2025-21635 bsc#1236111).
- net/smc: protect link down work from execute after lgr freed
(CVE-2024-56718 bsc#1235589).
- netfilter: IDLETIMER: Fix for possible ABBA deadlock
(CVE-2024-54683 bsc#1235729).
- net/smc: fix LGR and link use-after-free issue (CVE-2024-56640
bsc#1235436).
- ipv6: Fix soft lockups in fib6_select_path under high next
hop churn (CVE-2024-56703 bsc#1235455).
- commit 32a040d
- kABI fix for net: ipv6: support reporting otherwise unknown
prefix flags in RTM_NEWPREFIX (git-fixes).
- commit 3656735
- net: avoid race between device unregistration and ethnl ops
(CVE-2025-21701 bsc#1237164).
- commit adae27d
- net: usb: usbnet: restore usb%d name exception for local mac
addresses (bsc#1234480).
- commit 0605bcc
- x86/entry: Add __init to ia32_emulation_override_cmdline()
(git-fixes).
- commit 98c0019
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
(stable-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-support-for-various-ASUS-Laptop.patch.
- commit a9e9dbb
- ALSA: hda/realtek: Add support for various HP Laptops using
CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops
using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops
using CS35L41 HDA (stable-fixes).
- commit 249008f
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix
control names (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
(stable-fixes).
- commit 401355a
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print
(git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- HID: Enable playstation driver independently of sony driver
(git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook
X515UA (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup()
(git-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for
ti,j7200-cpb-audio compatible (git-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in
snd_pcm_format_set_silence() (git-fixes).
- commit 52d0d3b
- netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947
bsc#1236333).
- commit 970aeca
- include: net: add static inline dst_dev_overhead() to dst.h
(git-fixes).
- commit 38a62b9
- Refresh patches.suse/tpm-send_data-Wait-longer-for-the-TPM-to-become-read.patch.
Also extend the remaining tpm_tis_send_data timeout (bsc#1235870).
- commit 4b3d91d
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- commit 5da2185
- x86/microcode: Prepare for minimal revision check (git-fixes).
- commit c420631
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- commit 392e00e
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- commit b3900fd
- cpufreq/amd-pstate: Fix max_perf updation with schedutil
(bsc#1239707).
- commit fefd3ab
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo
(git-fixes).
- commit 2b5c9da
- x86/microcode: Protect against instrumentation (git-fixes).
- commit c6912a2
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- commit 62c98c3
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- commit 918f8ee
- x86/microcode: Provide new control functions (git-fixes).
- commit 8430c04
- x86/microcode: Add per CPU control field (git-fixes).
- commit 866b0a5
- x86/microcode: Add per CPU result state (git-fixes).
- commit 579033e
- net/smc: check smcd_v2_ext_offset when receiving proposal msg
(CVE-2024-47408 bsc#1235711).
- commit 2f01046
- x86/microcode: Clarify the late load logic (git-fixes).
- commit 6230ee4
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- Refresh
patches.suse/x86-microcode-Sanitize-__wait_for_cpus.patch.
- commit dc94359
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- commit bdacddf
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- commit 6a00f9e
- x86/microcode: Mop up early loading leftovers (git-fixes).
- commit 9018df4
- kABI fix for "netfilter: nft_inner: incorrect percpu area
handling under softirq" (CVE-2024-56638 bsc#1235524).
- commit 3acf757
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- Refresh patches.suse/ipv6-prevent-UAF-in-ip6_send_skb.patch.
- Refresh patches.suse/net-fix-__dst_negative_advice-race.patch.
- commit a265247
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- Refresh
patches.suse/ipv6-sr-fix-incorrect-unregister-order.patch.
- commit ef06a22
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- Refresh
patches.suse/ipv6-prevent-NULL-dereference-in-ip6_output.patch.
- commit 97af13b
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- commit 916bc1a
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- commit 6cd5382
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- commit d0a37ed
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- commit 834a488
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- commit a5ea134
- ipv6: Set errno after ip_fib_metrics_init() in
ip6_route_info_create() (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw()
(git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- ipv6: release nexthop on device removal (CVE-2024-56751
bsc#1234936).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
(git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- net: use unrcu_pointer() helper (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
(git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and
rpl_input() (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop
fragment (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed
(git-fixes).
- commit ae4c044
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
(git-fixes).
- ipv6: Ensure natural alignment of const ipv6 loopback and
router addresses (git-fixes).
- commit 3e6f7bb
- net: ipv6: support reporting otherwise unknown prefix flags
in RTM_NEWPREFIX (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- commit aab80f1
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- commit a8e1ba8
- x86/microcode/intel: Reuse intel_cpu_collect_info() (git-fixes).
- commit 12d10b3
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- commit 44d31ee
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- Refresh
patches.suse/x86-microcode-intel-Remove-unnecessary-cache-writeback-and.patch.
- commit fd684d8
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- commit deae801
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- commit c89162d
- x86/microcode/intel: Simplify early loading (git-fixes).
- commit 571e4fe
- x86/microcode/intel: Cleanup code further (git-fixes).
- commit 53a643e
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- commit f3beb78
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- commit f25c748
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- commit 040895c
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- commit bf7e36d
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- commit cb4b02a
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- commit 1ec4661
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- commit 1bef486
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- commit 7d2da5d
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- commit 4164fad
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- commit 842e778
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- commit d92edaf
- x86/microcode/intel: Remove debug code (git-fixes).
- commit f06da57
- x86/microcode: Move core specific defines to local header (git-fixes).
- Delete
patches.suse/x86-cpu-Fix-amd_check_microcode-declaration.patch.
- commit 68e5a18
- x86/hyperv: Fix output argument to hypercall that changes page
visibility (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
(git-fixes).
- commit d929456
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- commit cd4315f
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- commit adc4f73
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- Refresh
patches.suse/platform-x86-intel-ifs-Gen2-scan-image-loading.patch.
- commit 9b8d381
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- Refresh
patches.suse/x86-cpu-intel-Detect-TME-keyid-bits-before-setting-MTRR-ma.patch.
- commit 4e2f346
- x86/microcode: Hide the config knob (git-fixes).
- commit d6f3245
- x86/mm: Remove unused microcode.h include (git-fixes).
- commit 88b351c
- x86/microcode: Remove microcode_mutex (git-fixes).
- commit 9723346
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- commit 36caa36
- Revert "wifi: ath11k: restore country code during resume"
(bsc#1207948).
- commit 18bdb23
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- commit 4a52b36
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- commit a5f84ff
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- commit e6ba4df
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- commit c13c7b0
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- commit 8e4bd72
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- commit 0180053
- media: vim2m: print device name after registering device
(git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init()
(git-fixes).
- media: v4l2-dv-timings: prevent possible overflow in
v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region
(git-fixes).
- media: venus: hfi: add check to handle incorrect queue size
(git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic
(git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access
(git-fixes).
- media: visl: Fix ERANGE error when setting enum controls
(git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the
error path (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field
(git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask
(git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators
and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly
in remove (git-fixes).
- media: streamzap: prevent processing IR data on URB failure
(git-fixes).
- media: streamzap: fix race between device disconnection and
urb callback (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (git-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
(git-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on
errors (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume
(git-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending
the use of ARRAY_SIZE() (git-fixes).
- commit d741ce2
- smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844 bsc#1239512)
- commit 5413aee
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- commit c180144
- ipv6: mcast: extend RCU protection in igmp6_send()
(CVE-2025-21759 bsc#1238738).
- commit 400a352
- ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760
bsc#1238763).
- commit 156bf64
- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
bsc#1238512).
- commit f01aefb
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
(CVE-2025-21761 bsc#1238775).
- commit 742de46
- arp: use RCU protection in arp_xmit() (CVE-2025-21762
bsc#1238780).
- commit 816de2a
- neighbour: use RCU protection in __neigh_notify()
(CVE-2025-21763 bsc#1237897).
- commit f8fc7e4
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- commit d3f8de7
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
(bsc#1239994).
- commit 60e0c13
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- commit 8abe0aa
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- commit 095440f
- disable CRYPTO_DEV_QAT_420XX
- commit 0d9dc32
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- commit c35924e
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- Refresh
patches.suse/x86-Fix-CPUIDLE_FLAG_IRQ_ENABLE-leaking-timer-reprogram.patch.
- commit d3998f0
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- commit 317b615
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- commit 3276cd3
- lockdep: Don't disable interrupts on RT in
disable_irq_nosync_lockdep.*() (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- commit 77968cd
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- commit 29ec493
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- commit 4c35517
- flow_dissector: use RCU protection to fetch dev_net()
(bsc#1239994).
- commit a0e50a6
- ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765
bsc#1237906).
- commit c531d1f
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- commit 48756fc
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- commit 81b29a5
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- commit 5eecff1
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
(bsc#1239994).
- commit 6188164
- ipv4: use RCU protection in __ip_rt_update_pmtu()
(CVE-2025-21766 bsc#1238754).
- commit 03eaa8b
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- commit 95bdee3
- net: add dev_net_rcu() helper (bsc#1239994).
- commit 63dac1b
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: cleanup mana struct after debugfs_remove()
(git-fixes).
- Drivers: hv: vmbus: Don't release fb_mmio resource in
vmbus_free_mmio() (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0
(git-fixes).
- commit a640830
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986)
sle_version was obsoleted for SLE16. It has to be combined with
suse_version check.
- commit cbd5de3
- kABI workaround for intel-ish-hid (git-fixes).
- commit c1e0e59
- HID: intel-ish-hid: Send clock sync message immediately after
reset (stable-fixes).
- commit bb56845
- kABI workaround for soc_mixer_control changes (git-fixes).
- commit 41b23df
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated
irq (git-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
(stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name
(stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions
(stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B
(stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
several devices (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames
(stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
NHxxRZQ (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S
(stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir
G7 SE controllers (stable-fixes).
- ASoC: ops: Consistently treat platform_max as control value
(git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later
(stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth =
14 (stable-fixes).
- drm/amd/display: Restore correct backlight brightness after
a GPU reset (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init
(stable-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is
removed (git-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066
(git-fixes).
- drm/nouveau: Do not override forced connector status
(stable-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
(stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE
(stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi
module (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays
(stable-fixes).
- usb: phy: generic: Use proper helper for property detection
(stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform
profiles (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad
X120e (stable-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard
(stable-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
(stable-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards
(stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera
(stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in
doorbell (stable-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17
(stable-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show()
(stable-fixes).
- commit 3767537
- regulator: dummy: force synchronous probing (git-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- commit 74ce27f
- libperf cpumap: Grow array of read CPUs in smaller increments
(bsc#1234698 jsc#PED-12309).
- libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698
jsc#PED-12309).
- perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Be tolerant of newline at the end of a cpumask
(bsc#1234698 jsc#PED-12309).
- libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698
jsc#PED-12309).
- perf cpumap: Reduce transitive dependencies on libperf
MAX_NR_CPUS (bsc#1234698 jsc#PED-12309).
- perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309).
- libperf cpumap: Ensure empty cpumap is NULL from alloc
(bsc#1234698 jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__empty() to
perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__default_new() to
perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698
jsc#PED-12309).
- libperf cpumap: Rename perf_cpu_map__dummy_new() to
perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309).
- commit b89838c
- Refresh
patches.suse/udp-Deal-with-race-between-UDP-socket-address-change-and-r.patch.
- commit 4648743
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
Fix tools/ build breakage introduced by suse commit 3d6cb93162fd
"bitmap: introduce generic optimized bitmap_size() (git-fixes)"
- commit a17c3c2
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
Fix tools/ build breakage introduced by suse commit 3d6cb93162fd
"bitmap: introduce generic optimized bitmap_size() (git-fixes)"
- commit 2860902
- kABI: ufshcd: add ufshcd_dealloc_host back (CVE-2025-21739
bsc#1238506).
- commit 722da19
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
(CVE-2024-58083 bsc#1239036).
- commit bbd863b
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (CVE-2025-21848
bsc#1239479).
- commit bd498df
- ACPI: processor: idle: Return an error if both P_LVL{2,3}
idle states are invalid (bsc#1237530).
- commit f46ae1f
- udp: Deal with race between UDP socket address change and rehash
(CVE-2024-57974 bsc#1238532).
- commit d248d8d
- drm/radeon: fix uninitialized size issue in
radeon_vce_cs_parse() (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU
(git-fixes).
- accel/qaic: Fix integer overflow in qaic_validate_req()
(git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G
(git-fixes).
- drm/v3d: Don't run jobs that have errors flagged in its fence
(git-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- batman-adv: Ignore own maximum aggregation size during RX
(git-fixes).
- Bluetooth: hci_event: Fix connection regression between LE
and non-LE adapters (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM
(git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source
(git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
(git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- commit fa047d8
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- commit be0fccb
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- commit 7560f3b
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- commit fae22e5
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- commit 4a61cfc
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- commit d7a5712
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- commit 1c0ffc5
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- commit fb56cee
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- commit d9ad94d
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- commit 3a68d14
- scsi: ufs: core: Fix use-after free in init error and remove
paths (CVE-2025-21739 bsc#1238506).
- commit f971898
- btrfs: use a separate end_io handler for extent_buffer writing
(bsc#1239045).
- btrfs: don't use btrfs_bio_ctrl for extent buffer writing
(bsc#1239045).
- btrfs: remove the mirror_num argument to
btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in
end_bio_subpage_eb_writepage (bsc#1239045).
- commit 5ca42b7
- ata: sata_highbank: fix OF node reference leak in
highbank_initialize_phys() (git-fixes).
- commit a7b4ac3
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- commit c17a6ef
- ata: pata_serverworks: Do not use the term blacklist
(git-fixes).
- commit cdc9008
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using
result_tf (git-fixes).
- commit cf84546
- ata: libata-scsi: Remove redundant sense_buffer memsets
(git-fixes).
- commit 3ff83f7
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- commit f3d1fc7
- ata: pata_parport: fit3: implement IDE command set registers
(git-fixes).
- commit b753758
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- commit e6786aa
- ata: pata_parport: add custom version of wait_after_reset
(git-fixes).
- commit 92ba445
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- commit d1b0425
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- commit b541e7c
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- commit 4d05cf3
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- commit cfcc878
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- commit e1ac37c
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- commit 86fe977
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- commit 9a15b23
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- commit 674715a
- mm: zswap: move allocations during CPU init outside the lock
(git-fixes).
- commit 4a03990
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
(git-fixes CVE-2025-21703 bsc#1237313).
- commit ca9c9ec
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- commit 57c0aea
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- Refresh
patches.suse/net_sched-sch_sfq-don-t-allow-1-packet-limit.patch.
- commit e8a43b7
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc
(git-fixes).
- Refresh
patches.suse/net-sched-act_api-fix-possible-infinite-loop-in-tcf_.patch.
- commit b0f7ecb
- net_sched: Prevent creation of classes with TC_H_ROOT
(git-fixes).
- net/sched: cls_api: fix error handling causing NULL dereference
(git-fixes CVE-2025-21857 bsc#1239478).
- net/sched: netem: account for backlog updates from child qdisc
(git-fixes CVE-2024-56770 bsc#1235637).
- net/sched: tbf: correct backlog statistic for GSO packets
(git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
(git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for
actions created by classifiers (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to
fill_sched_entry() (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped
queue at right time (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period
(git-fixes).
- net/sched: flower: Add lock protection when remove filter handle
(git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts
(git-fixes).
- commit a5cca5e
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside
CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc: Stop using no_llseek (bsc#1239573).
- commit 5b9a0f5
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is
enabled (git-fixes).
- commit 39d5ea8
- kABI fix for netlink: terminate outstanding dump on socket close
(git-fixes).
- commit b2fd571
- usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
(bsc#1232389 CVE-2024-50056).
- commit e07e4ef
- netlink: terminate outstanding dump on socket close
(CVE-2024-53140 bsc#1234222).
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
(CVE-2024-53057 bsc#1233551).
- commit b824575
- usb: gadget: uvc: fix try format returns on uncompressed formats
(bsc#1232389 CVE-2024-50056).
- commit d2b161f
- mm: zswap: properly synchronize freeing resources during CPU
hotunplug (bsc#1237029 CVE-2025-21693).
- commit 215e0dc
- series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212)
- commit bc1d649
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- initramfs: allocate heap buffers together (bsc#1232848).
- init: add initramfs_internal.h (bsc#1232848).
- commit f42c132
- net: stmmac: fix TSO DMA API usage causing oops (CVE-2024-56719 bsc#1235591)
- commit 66963e5
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- commit f832e33
- supported.conf: add now-included qat_420xx (external, intel)
- commit 85940df
- net: constify sk_dst_get() and __sk_dst_get() argument
(git-fixes).
- commit a24981b
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- commit 5d1d9ed
- crypto: qat - add support for device telemetry (jsc#PED-12416).
- Refresh patches.suse/crypto-qat-disable-IOV-in-adf_dev_stop.patch.
- Refresh patches.suse/crypto-qat-remove-check-after-debugfs_create_dir.patch.
- commit 3d131da
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- commit 8fbb076
- Update config files for PED-12416: QAT_420XX=m on x86, disable error injection.
- commit bbce3cc
- mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx
(bsc#1237029 CVE-2025-21693).
- commit 0b762e3
- usb: gadget: uvc: Fix use-after-free for inflight usb_requests
(bsc#1232389 CVE-2024-50056).
- commit 2525765
- usb: gadget: uvc: move video disable logic to its own function
(bsc#1232389 CVE-2024-50056).
- commit 2ceecdc
- usb: gadget: uvc: Allocate uvc_requests one at a time
(bsc#1232389 CVE-2024-50056).
- commit 4e4b74d
- usb: gadget: uvc: prevent use of disabled endpoint (bsc#1232389
CVE-2024-50056).
- commit fe7e829
- usb: gadget: uvc: clean up comments and styling in video_pump
(bsc#1232389 CVE-2024-50056).
- commit c00889e
- Bluetooth: Improve setsockopt() handling of malformed user input
(git-fixes).
- commit b7abeef
- btrfs: drop the backref cache during relocation if we commit
(bsc#1239605).
- btrfs: check delayed refs when we're checking if a ref exists
(bsc#1239605).
- commit cfc9247
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- commit cae0f76
- Update
patches.suse/net-sched-use-RCU-read-side-critical-section-in-taprio_dump.patch
(CVE-2024-50126 bsc#1232895).
- commit 4fbfb83
- xhci: dbc: Replace custom return value with proper Linux error
code (git-fixes).
- commit 8f2f3fe
- xhci: dbc: Check for errors first in xhci_dbc_stop()
(git-fixes).
- commit 393eaad
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- commit c847619
- xhci: dbc: Use sysfs_emit() to instead of scnprintf()
(git-fixes).
- commit fdc638e
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- commit de56eef
- xhci: dbc: Drop duplicate checks for dma_free_coherent()
(git-fixes).
- commit b4ff421
- Update
patches.suse/xhci-Combine-two-if-statements-for-Etron-xHCI-host.patch
(git-fixes).
- Update
patches.suse/xhci-Don-t-issue-Reset-Device-command-to-Etron-xHCI-.patch
(git-fixes).
Fix false references introduced by reusing patches for SP7 needed
for a feature
- commit f1a52b1
- ila: serialize calls to nf_register_net_hooks() (CVE-2024-57900
bsc#1235973).
- commit a940895
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
(bsc#1239349).
- commit 4c2eac0
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows
(git-fixes).
- commit e3c259b
- ubi: Add a check for ubi_num (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is
empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking
LEB failed (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create()
(git-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Don't reserve PEB if fm_anchor
exists (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap
data block (git-fixes).
- commit 123f0f1
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- commit cbadc13
- tcp: introduce tcp_clock_ms() (git-fixes).
- commit ef89ad4
- include/linux/mmzone.h: clean up watermark accessors
(bsc#1239600).
- commit 9cc8558
- mm: create promo_wmark_pages and clean up open-coded sites
(bsc#1239600).
- commit 9684a94
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
(git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- commit 3bc54d8
- mm: accept to promo watermark (bsc#1239600).
- commit 1ee3b42
- mm: fix endless reclaim on machines with unaccepted memory
(bsc#1239600).
- commit 2f9ff68
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte
feature (git-fixes).
- commit a688092
- kABI fix for tcp: drop secpath at the same time as we currently
drop (CVE-2025-21864 bsc#1239482).
- commit 79a237f
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805
(git-fixes).
- commit f5ad85e
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- Refresh
patches.suse/xhci-pci-Fix-indentation-in-the-PCI-device-ID-defini.patch.
- commit 6e83d36
- xhci: Don't perform Soft Retry for Etron xHCI host (git-fixes).
- commit 9beb310
- xhci: Don't issue Reset Device command to Etron xHCI host
(jsc#PED-10701).
- commit 5ad7a28
- xhci: Combine two if statements for Etron xHCI host
(jsc#PED-10701).
- commit 68c16e1
- xhci: Cleanup Candence controller PCI device and vendor ID usage
(git-fixes).
- commit df43775
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host
(git-fixes).
- commit 1479d30
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- commit 6f73c8c
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- commit 32a2ce7
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- commit 02e0809
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- commit 3ebb63d
- xhci: pci: Use full names in PCI IDs for Intel platforms
(git-fixes).
- commit 38d020d
- ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782
bsc#1230769).
- commit e9d9715
- Input: iqs7222 - preserve system status register (git-fixes).
- commit 1f2a9a2
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2
(git-fixes).
- commit 9ee6aed
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- commit 6fedbfd
- Update
patches.suse/ASoC-SOF-stream-ipc-Check-for-cstream-nullity-in-sof.patch
(git-fixes CVE-2025-21847 bsc#1239471).
- Update
patches.suse/HID-multitouch-Add-NULL-check-in-mt_input_configured.patch
(git-fixes CVE-2024-58020 bsc#1239346).
- Update
patches.suse/USB-gadget-f_midi-f_midi_complete-to-call-queue_work.patch
(git-fixes CVE-2025-21859 bsc#1239467).
- Update patches.suse/acct-perform-last-write-from-workqueue.patch
(git-fixes CVE-2025-21846 bsc#1239508).
- Update
patches.suse/block-don-t-revert-iter-for-EIOCBQUEUED.patch
(git-fixes CVE-2025-21832 bsc#1239105).
- Update
patches.suse/fbdev-omap-use-threaded-IRQ-for-LCD-DMA.patch
(stable-fixes CVE-2025-21821 bsc#1239174).
- Update
patches.suse/nfsd-clear-acl_access-acl_default-after-releasing-them.patch
(git-fixes CVE-2025-21796 bsc#1238716).
- Update
patches.suse/nvmet-Fix-crash-when-a-namespace-is-disabled.patch
(git-fixes CVE-2025-21850 bsc#1239477).
- Update
patches.suse/orangefs-fix-a-oob-in-orangefs_debug_write.patch
(git-fixes CVE-2025-21782 bsc#1239117).
- Update
patches.suse/partitions-mac-fix-handling-of-bogus-partition-table.patch
(git-fixes CVE-2025-21772 bsc#1238911).
- Update
patches.suse/powerpc-code-patching-Fix-KASAN-hit-by-not-flagging-.patch
(bsc#1215199 CVE-2025-21866 bsc#1239473).
- commit d74c347
- nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997 CVE-2024-58019)
- commit 73aa11f
- i2c: sis630: Fix an error handling path in sis630_probe()
(git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
(git-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe()
(git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- commit a2963cf
- Input: ads7846 - fix gpiod allocation (git-fixes).
- commit 829ae40
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen
2 model (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360
14-dy1xxx (stable-fixes).
- commit 10b7907
- ASoC: codecs: wm0010: Fix error handling path in
wm0010_spi_probe() (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology
probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in
mid_get_vbt_data() (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work
(git-fixes).
- commit 866bbeb
- Refresh patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch.
- Refresh
patches.suse/mptcp-move-__mptcp_error_report-in-protocol.c.patch.
- Refresh
patches.suse/tcp-define-initial-scaling-factor-value-as-a-macro.patch.
- Refresh
patches.suse/tcp-increase-the-default-TCP-scaling-ratio.patch.
After discussing with @jwiesner: re-introduce b8dc6d6ce ("mptcp: fix rcv
buffer auto-tuning")
- commit 2c38df3
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize() (CVE-2025-21861 bsc#1239483).
- commit 2aaf230
- mm: migrate_device: use more folio in migrate_device_finalize()
(CVE-2025-21861 bsc#1239483 dependency).
- commit 6c15dfd
- geneve: Suppress list corruption splat in
geneve_destroy_tunnels() (CVE-2025-21858 bsc#1239468).
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl()
(CVE-2025-21865 bsc#1239481).
- ibmvnic: Don't reference skb after sending to VIOS
(CVE-2025-21858 bsc#1239468).
- geneve: Fix use-after-free in geneve_find_dev() (CVE-2025-21858
bsc#1239468).
- commit 37714b5
- drm/amdgpu: Check extended configuration space register when
system uses large bar (stable-fixes).
- Refresh
patches.suse/drm-amdgpu-disable-BAR-resize-on-Dell-G5-SE.patch.
- commit 3119f0d
- wifi: cfg80211: cancel wiphy_work before freeing wiphy
(git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms
(git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass
Storage Card Reader (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- gpio: rcar: Use raw_spinlock to protect register access
(stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad
X131e (stable-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress
200M (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL
(git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions
(stable-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- commit afdffc3
- Delete patches.suse/APEI-GHES-Have-GHES-honor-the-panic-setting.patch (bsc#1239615)
The panic-on-reboot behavior change is too surprising as an update,
better to be reverted during SP
- commit 38b0ca3
- nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565).
- commit dbe8ca2
- nfs: clear SB_RDONLY before getting superblock (bsc#1238565).
- commit 41b72ba
- dm-crypt: track tag_offset in convert_context (git-fixes).
- commit e418c3f
- dm-crypt: don't update io->sector after
kcryptd_crypt_write_io_submit() (git-fixes).
- commit 4e42a0d
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
(git-fixes).
- commit d656a3c
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block
size (take 2) (git-fixes).
mwilck: some hand editing because d95e2c34a3ca ("dm verity: Fix IO
priority lost when reading FEC and hash") is missing
- commit 952c7af
- dm array: fix cursor index when skipping across block boundaries
(git-fixes).
- commit 9559a70
- dm array: fix unreleased btree blocks on closing a faulty
array cursor (git-fixes).
- commit 3401ff8
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- commit b8c64af
- dm: Fix typo in error message (git-fixes).
- commit 085bad2
- dm-unstriped: cast an operand to sector_t to prevent potential
uint32_t overflow (git-fixes).
- commit 9289690
- Revert "dm: requeue IO if mapping table not yet available"
(git-fixes).
- commit 5102f1f
- dm-integrity: fix a race condition when accessing recalc_sector
(git-fixes).
- commit f9223d3
- dm persistent data: fix memory allocation failure (git-fixes).
- commit 6ad0a55
- dm resume: don't return EINVAL when signalled (git-fixes).
- commit b83910f
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- commit d18f8de
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
(git-fixes).
- commit 6d3fcd8
- dm init: Handle minors larger than 255 (git-fixes).
- commit 73dcd27
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- commit 3d6cb93
- dm-delay: fix max_delay calculations (git-fixes).
- commit 9bd5588
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- commit c232aae
- dm-delay: fix workqueue delay_timer race (git-fixes).
- commit d3bc4cb
- dm integrity: fix out-of-range warning (git-fixes).
- commit 94146a8
- dm-integrity: align the outgoing bio in integrity_recheck
(git-fixes).
- commit 8ef7f34
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
(git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- commit 3e8333c
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits
out (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's
safe (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent
(git-fixes).
- commit 057626d
- tcp: avoid reusing FIN_WAIT2 when trying to find port in
connect() process (git-fixes).
- commit b709352
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- commit ee5bb6a
- tcp: Update window clamping condition (git-fixes).
- commit 21c2df7
- tcp: Adjust clamping window for applications specifying
SO_RCVBUF (git-fixes).
- commit 45a6b13
- tcp: Don't drop SYN+ACK for simultaneous connect() (git-fixes).
- commit d347622
- tcp: fix races in tcp_v_err() (git-fixes).
- commit 7d8961a
- tcp: fix races in tcp_abort() (git-fixes).
- commit 57c21f2
- tcp: fix race in tcp_write_err() (git-fixes).
- commit f7c5a0b
- tcp: add tcp_done_with_error() helper (git-fixes).
- commit 67b079b
- tcp: fix incorrect undo caused by DSACK of TLP retransmit
(git-fixes).
- commit 7fc3dc6
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call
tcp_try_to_open() (git-fixes).
- commit 481ef49
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for
failed TFO (git-fixes).
- commit e0d6e17
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
(git-fixes).
- commit 2f9ac53
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- commit debc800
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- commit e578c32
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value
(git-fixes).
- commit a0f87a0
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- commit 9d8f16e
- tcp: increase the default TCP scaling ratio (git-fixes).
- commit 37d2a56
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- Refresh
patches.suse/mptcp-cope-racing-subflow-creation-in-mptcp_rcv_spac.patch.
- commit baccd3e
- tcp: Fix bind() regression for v6-only wildcard and
v4(-mapped-v6) non-wildcard addresses (git-fixes).
- commit 10a8fd3
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- commit 2c65748
- tcp: fix incorrect parameter validation in the
do_tcp_getsockopt() function (git-fixes).
- commit 1b71f1e
- tcp: Add memory barrier to tcp_push() (git-fixes).
- commit 9e18439
- tcp: fix mid stream window clamp (git-fixes).
- commit 1da9c62
- tcp: define initial scaling factor value as a macro (git-fixes).
- Refresh
patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch.
- Refresh
patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch.
- commit 5d65891
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- commit 35f4bde
- tcp: derive delack_max from rto_min (git-fixes).
- commit 681cef6
- tcp: check mptcp-level constraints for backlog coalescing
(git-fixes).
- commit f47afe8
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes
bsc#1239595).
- commit e1c229c
- s390/stackleak: Use exrl instead of ex in __stackleak_poison()
(git-fixes bsc#1239594).
- commit bf5ac4c
- s390/ism: add release function for struct device (git-fixes
CVE-2025-21856 bsc#1239486).
- commit ae9aecd
- tcp: drop secpath at the same time as we currently drop dst
(CVE-2025-21864 bsc#1239482).
- commit 068f76d
- tcp: properly terminate timers for kernel sockets
(CVE-2024-35910 bsc#1224489).
- commit cd84ccc
- net: sched: use RCU read-side critical section in taprio_dump()
(CVE-2024-50140 bsc#1233060).
- commit 481b06f
- spi: microchip-core: Use helper function devm_clk_get_enabled()
(git-fixes).
- commit ba5bb35
- spi: microchip-core: Clean up redundant dev_err_probe()
(git-fixes).
- Refresh
patches.suse/spi-microchip-core-switch-to-use-modern-name.patch.
- commit e92f46c
- net/smc: check iparea_offset and ipv6_prefixes_cnt when
receiving proposal msg (CVE-2024-49571 bsc#1235733).
- commit d49e720
- kABI: bpf: Prevent tailcall infinite loop caused by freplace
kABI workaround (bsc#1235712 CVE-2024-47794).
- commit b659789
- bpf: Prevent tailcall infinite loop caused by freplace
(bsc#1235712 CVE-2024-47794).
- commit 594a2b0
- netdev: prevent accessing NAPI instances from another namespace
(CVE-2025-21659 bsc#1236206).
- commit 4814e4a
- ice: Remove and readd netdev during devlink reload (bsc#1230497
bsc#1239518).
- Refresh
patches.suse/ice-add-ice_adapter-for-shared-data-across-PFs-on-th.patch.
- commit fac3f79
- HID: hid-steam: Fix use-after-free when detaching device
(git-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle
(git-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in
ishtp_hid_remove() (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI
(git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on
system suspend (stable-fixes).
- commit 66671e7
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
(git-fixes).
- commit e9a08e4
- net: mana: Allow variable size indirection table (bsc#1239016).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit 987aac3
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs
(bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic
(bsc#1239016).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
(bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- commit 99e576d
- af_unix: Disable MSG_OOB handling for sockets in
sockmap/sockhash (bsc#1239435).
- af_unix: Annotate data-race of sk->sk_state in
unix_stream_read_skb() (bsc#1239435).
- commit 53fc06a
- padata: fix sysfs store callback check (git-fixes).
- commit 9e53996
- netpoll: Fix race condition in netpoll_owner_active
(CVE-2024-41005 bsc#1227858).
- commit edbf839
- sched/membarrier: Fix redundant load of membarrier_state
(bsc#1232743).
- commit 4b4693f
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for
server bind (git-fixes).
- commit acac4ee
- selftests/bpf: Add test case for the freeing of bpf_timer
(bsc#1238971 CVE-2025-21825).
- bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
(bsc#1238971 CVE-2025-21825).
- commit d0cb4f3
- kABI fix for l2tp: prevent possible tunnel refcount underflow
(CVE-2024-49940 bsc#1232812).
- commit d6225ab
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs
for pmemory (bsc#1239167 ltc#211055).
- commit 1543fff
- l2tp: fix lockdep splat (git-fixes).
- commit 1b614a9
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- commit 9f93194
- net l2tp: drop flow hash on forward (git-fixes).
- commit c98f745
- l2tp: fix incorrect parameter validation in the
pppol2tp_getsockopt() function (git-fixes).
- commit 33af351
- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
bsc#1239076).
- commit 8f719fe
- ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during
params (CVE-2024-58012 bsc#1239104).
- commit 3d2e163
- usb: gadget: Check bmAttributes only if configuration is valid
(git-fixes).
- usb: gadget: Fix setting self-powered state on suspend
(git-fixes).
- commit 1151d65
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes
(git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations
(git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix
functionality (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
(git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails
(git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks
(git-fixes).
- drivers: core: fix device leak in __fw_devlink_relax_cycles()
(git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based
detection" (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device
(git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in
pmcmd_ioctl (git-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt
scenario (git-fixes).
- cdx: Fix possible UAF error in driver_override_show()
(git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function()
to avoid deadlock (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
(git-fixes).
- commit 481095d
- Update
patches.suse/HID-hid-thrustmaster-fix-stack-out-of-bounds-read-in.patch
(git-fixes CVE-2025-21794 bsc#1238502).
- Update
patches.suse/NFC-nci-Add-bounds-checking-in-nci_hci_create_pipe.patch
(git-fixes CVE-2025-21735 bsc#1238497).
- Update
patches.suse/PCI-Avoid-putting-some-root-ports-into-D3-on-TUXEDO-.patch
(git-fixes CVE-2025-21831 bsc#1239039).
- Update
patches.suse/PCI-rcar-ep-Fix-incorrect-variable-used-when-calling.patch
(git-fixes CVE-2025-21804 bsc#1238736).
- Update
patches.suse/RDMA-mlx5-Fix-a-race-for-an-ODP-MR-which-leads-to-CQ.patch
(git-fixes CVE-2025-21732 bsc#1237877).
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-use-after-free.patch
(git-fixes CVE-2025-21714 bsc#1237890).
- Update
patches.suse/RDMA-rxe-Fix-the-warning-__rxe_cleanup-0x12c-0x170-r.patch
(git-fixes CVE-2025-21829 bsc#1239030).
- Update
patches.suse/Revert-drm-amd-display-Use-HW-lock-mgr-for-PSR1.patch
(stable-fixes CVE-2025-21819 bsc#1238994).
- Update
patches.suse/USB-hub-Ignore-non-compliant-devices-with-too-many-c.patch
(stable-fixes CVE-2025-21776 bsc#1238909).
- Update
patches.suse/arm64-cacheinfo-Avoid-out-of-bounds-write-to-cacheinfo-array.patch
(git-fixes CVE-2025-21785 bsc#1238747).
- Update
patches.suse/ata-libata-sff-Ensure-that-we-cannot-write-outside-t.patch
(stable-fixes CVE-2025-21738 bsc#1238917).
- Update
patches.suse/batman-adv-Drop-unmanaged-ELP-metric-worker.patch
(git-fixes CVE-2025-21823 bsc#1238475).
- Update
patches.suse/batman-adv-fix-panic-during-interface-removal.patch
(git-fixes CVE-2025-21781 bsc#1238735).
- Update
patches.suse/blk-cgroup-Fix-class-block_class-s-subsystem-refcount-leakage.patch
(bsc#1237558 CVE-2025-21745 bsc#1238785).
- Update
patches.suse/block-bfq-fix-waker_bfqq-UAF-after-bfq_split_bfqq.patch
(git-fixes CVE-2025-21631 bsc#1236099).
- Update
patches.suse/can-ctucanfd-handle-skb-allocation-failure.patch
(git-fixes CVE-2025-21775 bsc#1238501).
- Update
patches.suse/can-etas_es58x-fix-potential-NULL-pointer-dereferenc.patch
(git-fixes CVE-2025-21773 bsc#1238762).
- Update
patches.suse/driver-core-class-Fix-wild-pointer-dereferences-in-A.patch
(git-fixes CVE-2025-21810 bsc#1238757).
- Update
patches.suse/drm-amdgpu-avoid-buffer-overflow-attach-in-smu_sys_s.patch
(stable-fixes CVE-2025-21780 bsc#1239115).
- Update
patches.suse/drm-amdgpu-bail-out-when-failed-to-load-fw-in-psp_in.patch
(git-fixes CVE-2025-21784 bsc#1238510).
- Update patches.suse/landlock-Handle-weird-files.patch (git-fixes
CVE-2025-21830 bsc#1239033).
- Update patches.suse/misc-fastrpc-Fix-copy-buffer-page-size.patch
(git-fixes CVE-2025-21734 bsc#1238734).
- Update
patches.suse/mm-compaction-fix-UBSAN-shift-out-of-bounds-warning.patch
(git fixes (mm/compaction) CVE-2025-21815 bsc#1238474).
- Update
patches.suse/msft-hv-3160-KVM-x86-Reject-Hyper-V-s-SEND_IPI-hypercalls-if-loca.patch
(git-fixes CVE-2025-21779 bsc#1238768).
- Update
patches.suse/nbd-don-t-allow-reconnect-after-disconnect.patch
(git-fixes CVE-2025-21731 bsc#1237881).
- Update
patches.suse/net-rose-fix-timer-races-against-user-threads.patch
(git-fixes CVE-2025-21718 bsc#1239073).
- Update patches.suse/net-rose-lock-the-socket-in-rose_bind.patch
(git-fixes CVE-2025-21749 bsc#1238904).
- Update
patches.suse/net-rose-prevent-integer-overflows-in-rose_setsockop.patch
(git-fixes CVE-2025-21711 bsc#1239114).
- Update
patches.suse/net-usb-rtl8150-enable-basic-endpoint-checking.patch
(git-fixes CVE-2025-21708 bsc#1239087).
- Update
patches.suse/nilfs2-fix-possible-int-overflows-in-nilfs_fiemap.patch
(git-fixes CVE-2025-21736 bsc#1238715).
- Update patches.suse/padata-avoid-UAF-for-reorder_work.patch
(git-fixes CVE-2025-21726 bsc#1238865).
- Update patches.suse/padata-fix-UAF-in-padata_reorder.patch
(git-fixes CVE-2025-21727 bsc#1237876).
- Update
patches.suse/scsi-mpi3mr-Fix-possible-crash-when-setting-up-bsg-f.patch
(git-fixes CVE-2025-21723 bsc#1238864).
- Update patches.suse/spi-sn-f-ospi-Fix-division-by-zero.patch
(git-fixes CVE-2025-21793 bsc#1238500).
- Update patches.suse/tty-xilinx_uartps-split-sysrq-handling.patch
(git-fixes CVE-2025-21820 bsc#1238479).
- Update
patches.suse/usb-cdc-acm-Check-control-transfer-buffer-size-befor.patch
(git-fixes CVE-2025-21704 bsc#1237571).
- Update
patches.suse/usb-gadget-core-flush-gadget-workqueue-after-device-.patch
(git-fixes CVE-2025-21838 bsc#1239065).
- Update
patches.suse/usb-gadget-f_midi-fix-MIDI-Streaming-descriptor-leng.patch
(git-fixes CVE-2025-21835 bsc#1239068).
- Update patches.suse/usbnet-ipheth-fix-DPE-OoB-read.patch
(git-fixes CVE-2025-21741 bsc#1238767).
- Update
patches.suse/usbnet-ipheth-fix-possible-overflow-in-DPE-length-ch.patch
(git-fixes CVE-2025-21743 bsc#1238781).
- Update
patches.suse/usbnet-ipheth-use-static-NDP16-location-in-URB.patch
(git-fixes CVE-2025-21742 bsc#1238771).
- Update
patches.suse/vsock-Keep-the-binding-until-socket-destruction.patch
(git-fixes CVE-2025-21756 bsc#1238876).
- Update
patches.suse/wifi-brcmfmac-Check-the-return-value-of-of_property_.patch
(stable-fixes CVE-2025-21750 bsc#1238905).
- Update
patches.suse/wifi-brcmfmac-fix-NULL-pointer-dereference-in-brcmf_.patch
(stable-fixes CVE-2025-21744 bsc#1238903).
- Update
patches.suse/wifi-mac80211-don-t-flush-non-uploaded-STAs.patch
(git-fixes CVE-2025-21828 bsc#1238958).
- Update patches.suse/zram-fix-potential-UAF-of-zram-table.patch
(git-fixes CVE-2025-21671 bsc#1236692).
- commit 0d7f015
- Update
patches.suse/Bluetooth-L2CAP-handle-NULL-sock-pointer-in-l2cap_so.patch
(git-fixes CVE-2024-58009 bsc#1238760).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-mgmt_.patch
(stable-fixes CVE-2024-58013 bsc#1239095).
- Update
patches.suse/HID-core-Fix-assumption-that-Resolution-Multipliers-.patch
(git-fixes CVE-2024-57986 bsc#1237907).
- Update
patches.suse/HID-hid-thrustmaster-Fix-warning-in-thrustmaster_pro.patch
(git-fixes CVE-2024-57993 bsc#1237894).
- Update
patches.suse/PCI-dwc-ep-Prevent-changing-BAR-size-flags-in-pci_ep.patch
(git-fixes CVE-2024-58006 bsc#1238772).
- Update
patches.suse/block-Fix-page-refcounts-for-unaligned-buffers-in-__bio_release_pages.patch
(git-fixes CVE-2024-35826 bsc#1224610).
- Update
patches.suse/block-avoid-to-reuse-hctx-not-removed-from-cpuhp-callback-list.patch
(git-fixes CVE-2024-41149 bsc#1235698).
- Update
patches.suse/block-fix-integer-overflow-in-BLKSECDISCARD.patch
(git-fixes CVE-2024-49994 bsc#1225770).
- Update
patches.suse/cifs-fix-potential-null-pointer-use-in-destroy_workqueue-in-init_ci.patch
(bsc#1231432 CVE-2024-42307 bsc#1229361).
- Update
patches.suse/clk-qcom-dispcc-sm6350-Add-missing-parent_map-for-a-.patch
(git-fixes CVE-2024-58080 bsc#1239027).
- Update
patches.suse/clk-qcom-gcc-sm6350-Add-missing-parent_map-for-two-c.patch
(git-fixes CVE-2024-58076 bsc#1239037).
- Update
patches.suse/drm-amdgpu-Fix-potential-NULL-pointer-dereference-in.patch
(git-fixes CVE-2024-58052 bsc#1238986).
- Update
patches.suse/drm-msm-gem-prevent-integer-overflow-in-msm_ioctl_ge.patch
(git-fixes CVE-2024-52559 bsc#1238507).
- Update
patches.suse/drm-v3d-Stop-active-perfmon-if-it-is-being-destroyed.patch
(git-fixes CVE-2024-58086 bsc#1239038).
- Update patches.suse/idpf-convert-workqueues-to-unbound.patch
(git-fixes CVE-2024-58057 bsc#1238969).
- Update
patches.suse/ipmi-ipmb-Add-check-devm_kasprintf-returned-value.patch
(git-fixes CVE-2024-58051 bsc#1238963).
- Update
patches.suse/media-imx-jpeg-Fix-potential-error-pointer-dereferen.patch
(git-fixes CVE-2024-57978 bsc#1238523).
- Update
patches.suse/media-uvcvideo-Fix-crash-during-unbind-if-gpio-unit-.patch
(git-fixes CVE-2024-58079 bsc#1239029).
- Update
patches.suse/media-uvcvideo-Fix-double-free-in-error-path.patch
(git-fixes CVE-2024-57980 bsc#1237911).
- Update
patches.suse/media-uvcvideo-Remove-dangling-pointers.patch
(git-fixes CVE-2024-58002 bsc#1238503).
- Update
patches.suse/media-vidtv-Fix-a-null-ptr-deref-in-vidtv_mux_stop_t.patch
(stable-fixes CVE-2024-57834 bsc#1238993).
- Update
patches.suse/memory-tegra20-emc-fix-an-OF-node-reference-bug-in-t.patch
(git-fixes CVE-2024-58034 bsc#1238773).
- Update
patches.suse/misc-misc_minor_alloc-to-use-ida-for-all-dynamic-mis.patch
(git-fixes CVE-2024-58078 bsc#1239034).
- Update
patches.suse/net-fix-removing-a-namespace-with-conflicting-altnam.patch
(bsc#1233749 CVE-2024-26634 bsc#1221651).
- Update patches.suse/null_blk-fix-validation-of-block-size.patch
(git-fixes CVE-2024-41077 bsc#1228653).
- Update
patches.suse/platform-x86-int3472-Check-for-adev-NULL.patch
(stable-fixes CVE-2024-58011 bsc#1239080).
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-incorrectly-marks-MMIO-r.patch
(bsc#1218470 ltc#204531 CVE-2024-57999 bsc#1238526).
- Update
patches.suse/printk-Fix-signed-integer-overflow-when-defining-LOG_BUF_LEN_MAX.patch
(bsc#1237950 CVE-2024-58017 bsc#1239112).
- Update
patches.suse/rdma-cxgb4-Prevent-potential-integer-overflow-on-32b.patch
(git-fixes CVE-2024-57973 bsc#1238531).
- Update
patches.suse/remoteproc-core-Fix-ida_free-call-while-not-allocate.patch
(git-fixes CVE-2024-58056 bsc#1238981).
- Update
patches.suse/rtc-pcf85063-fix-potential-OOB-write-in-PCF85063-NVM.patch
(git-fixes CVE-2024-58069 bsc#1238978).
- Update
patches.suse/scsi-hisi_sas-Fix-a-deadlock-issue-related-to-automa-3c4f53b2.patch
(git-fixes CVE-2024-26873 bsc#1223047).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(git-fixes CVE-2024-57807 bsc#1235761).
- Update
patches.suse/smb-client-fix-double-put-of-cfile-in-smb2_rename_path-.patch
(git-fixes CVE-2024-46736 bsc#1230728).
- Update
patches.suse/smb-client-fix-double-put-of-cfile-in-smb2_set_path_size-.patch
(git-fixes CVE-2024-46796 bsc#1230832).
- Update
patches.suse/smb-client-fix-possible-double-free-in-smb2_set_ea-.patch
(git-fixes CVE-2024-50152 bsc#1233033).
- Update
patches.suse/soc-qcom-socinfo-Avoid-out-of-bounds-read-of-serial-.patch
(git-fixes CVE-2024-58007 bsc#1238511).
- Update
patches.suse/staging-media-max96712-fix-kernel-oops-when-removing.patch
(git-fixes CVE-2024-58054 bsc#1238975).
- Update
patches.suse/tomoyo-don-t-emit-warning-in-tomoyo_write_control.patch
(stable-fixes CVE-2024-58085 bsc#1239085).
- Update
patches.suse/tpm-Change-to-kvalloc-in-eventlog-acpi.c.patch
(bsc#1233260 bsc#1233259 bsc#1232421 CVE-2024-58005
bsc#1237873).
- Update
patches.suse/ubifs-skip-dumping-tnc-tree-when-zroot-is-null.patch
(git-fixes CVE-2024-58058 bsc#1238979).
- Update
patches.suse/usb-gadget-f_tcm-Don-t-free-command-immediately.patch
(git-fixes CVE-2024-58055 bsc#1238959).
- Update
patches.suse/usb-xhci-Fix-NULL-pointer-dereference-on-certain-com.patch
(git-fixes CVE-2024-57981 bsc#1237912).
- Update
patches.suse/wifi-brcmsmac-add-gain-range-check-to-wlc_phy_iqcal_.patch
(stable-fixes CVE-2024-58014 bsc#1239109).
- Update
patches.suse/wifi-mac80211-prohibit-deactivating-all-links.patch
(git-fixes CVE-2024-58061 bsc#1238973).
- Update
patches.suse/wifi-mt76-mt7925-fix-off-by-one-in-mt7925_load_clc.patch
(git-fixes CVE-2024-57990 bsc#1237900).
- Update
patches.suse/wifi-rtlwifi-fix-memory-leaks-and-invalid-access-at-.patch
(git-fixes CVE-2024-58063 bsc#1238984).
- Update
patches.suse/wifi-rtlwifi-remove-unused-check_buddy_priv.patch
(git-fixes CVE-2024-58072 bsc#1238964).
- Update
patches.suse/wifi-wcn36xx-fix-channel-survey-memory-allocation-si.patch
(git-fixes CVE-2024-57997 bsc#1238529).
- commit fb231d1
- Update
patches.suse/cpu-hotplug-Don-t-offline-the-last-non-isolated-CPU.patch
(bsc#1237562 CVE-2023-52831 bsc#1225533).
- Update
patches.suse/io_uring-rw-split-io_read-into-a-helper.patch
(bsc#1215211 CVE-2023-52926 bsc#1237565).
- commit a1ecaa9
- partitions: mac: fix handling of bogus partition table
(git-fixes).
- block: cleanup and fix batch completion adding conditions
(git-fixes).
- block: don't revert iter for -EIOCBQUEUED (git-fixes).
- commit 9b6ced4
- rapidio: add check for rio_add_net() in rio_scan_alloc_net()
(git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- commit 6203500
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- commit d83f55b
- sunrpc: suppress warnings for unused procfs functions
(git-fixes).
- commit cd678ab
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- commit 55bec3b
- SUNRPC: Prevent looping due to rpc_signal_task() races
(git-fixes).
- commit 033fbe6
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- commit 444dbb7
- nfsd: clear acl_access/acl_default after releasing them
(git-fixes).
- commit 44261ed
- pnfs/flexfiles: retry getting layout segment for reads
(git-fixes).
- commit 76f556a
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-support-for-various-ASUS-Laptop.patch.
- commit 9363cb2
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops
using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop
using CS35L41 HDA (stable-fixes).
- commit aea7c4e
- Refresh patches.suse/ALSA-hda-realtek-Workaround-for-resume-on-Dell-Venue.patch
A patch chunk was dropped mistakenly
- commit 0e9ac09
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA
Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops
using CS35L41 HDA (stable-fixes).
- commit 4ef6d55
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
(git-fixes).
- commit 844da8a
- ALSA: hda/realtek: Add support for various ASUS Laptops using
CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50
(stable-fixes).
- commit 2ee2163
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
(stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo
platform (stable-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery
(stable-fixes).
- commit 10a77af
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in
xgene_hwmon_probe() (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error
(git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
(git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify()
(git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: aggregator: protect driver attr handlers against module
unload (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe
(git-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config
(git-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- commit c757c56
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
When a compiler different from the one which was used to configure the
kernel is used to build modules a warning is issued and the build
continues. This could be turned into an error but that would be too
restrictive.
The generated kernel-devel makefile could set the compiler but then the
main Makefile has to be patched to assign CC with ?=
This causes run_oldconfig failure on SUSE-2024 and kbuild config check
failure on SUSE-2025.
This cannot be hardcoded to one version in a regular patch because the
value is expected to be configurable at mkspec time. Patch the Makefile
after applying patches in rpm prep step instead. A check is added to
verify that the sed command did indeed apply the change.
- commit 6031391
- expat
-
- version update to 2.7.1
Bug fixes:
[#980] #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
[#976] #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
[#983] #984 Fix printf format specifiers for 32bit Emscripten
[#992] docs: Promote OpenSSF Best Practices self-certification
[#978] tests/benchmark: Resolve mistaken double close
[#986] Address compiler warnings
[#990] #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
[#982] CI: Start running Perl XML::Parser integration tests
[#987] CI: Enforce Clang Static Analyzer clean code
[#991] CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
[#981] CI: Cover compilation with musl
[#983] #984 CI: Cover compilation with 32bit Emscripten
[#976] #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0 for SLE-15-SP4
- deleted patches
- expat-CVE-2022-25235.patch (upstreamed)
- expat-CVE-2022-25236-relax-fix.patch (upstreamed)
- expat-CVE-2022-25236.patch (upstreamed)
- expat-CVE-2022-25313-fix-regression.patch (upstreamed)
- expat-CVE-2022-25313.patch (upstreamed)
- expat-CVE-2022-25314.patch (upstreamed)
- expat-CVE-2022-25315.patch (upstreamed)
- expat-CVE-2022-40674.patch (upstreamed)
- expat-CVE-2022-43680.patch (upstreamed)
- expat-CVE-2023-52425-1.patch (upstreamed)
- expat-CVE-2023-52425-2.patch (upstreamed)
- expat-CVE-2023-52425-backport-parser-changes.patch (upstreamed)
- expat-CVE-2023-52425-fix-tests.patch (upstreamed)
- expat-CVE-2024-28757.patch (upstreamed)
- expat-CVE-2024-45490.patch (upstreamed)
- expat-CVE-2024-45491.patch (upstreamed)
- expat-CVE-2024-45492.patch (upstreamed)
- expat-CVE-2024-50602.patch (upstreamed)
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
[#893] #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
[#935] #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
[#925] Autotools: Sync CMake templates with CMake 3.29
[#945] #962 #966 CMake: Drop support for CMake <3.13
[#942] CMake: Small fuzzing related improvements
[#921] docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
[#941] docs: Document need for C++11 compiler for use from C++
[#959] tests/benchmark: Fix a (harmless) TOCTTOU
[#944] Windows: Fix installer target location of file xmlwf.xml
for CMake
[#953] Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
[#971] Address Cppcheck warnings
[#969] #970 Mass-migrate links from http:// to https://
[#947] #958 ..
[#974] #975 Document changes since the previous release
[#974] #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
- freetype2
-
- enable brotli support (jsc#PED-12258)
- libgcrypt
-
- FIPS: Pad PKCS1.5 signatures with SHA3 correctly [bsc#1241605]
* Add libgcrypt-FIPS-sha3-asn.patch
- ncurses
-
- Modify patch ncurses-5.9-ibm327x.dif
* Backport sclp terminfo description entry if for s390 sclp terminal lines
* Add a further sclp entry for qemu s390 based systems
* Make use of dumb
- openssl-3
-
- Security fix: [bsc#1240366]
* Minerva side channel vulnerability in P-384 on PPC arch
* Add openssl-3-p384-minerva-ppc.patch
* Add openssl-3-p384-minerva-ppc-p9.patch
- Security fix: [bsc#1240607]
* Check ssl/ssl3_read_internal null pointer [from commit 38b051a]
* Add openssl-check-ssl_read_internal-nullptr.patch
- FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS
* [bsc#1230959, bsc#1232326, bsc#1231748]
* Add patch openssl-FIPS-fix-EMS-support.patch
- librdkafka
-
- 0001-Fix-timespec-conversion-to-avoid-infinite-loop-2108-.patch:
avoid endless loops (bsc#1242842)
- ruby2.5
-
- update suse.patch to 736ea75f25d52fdebb88ed6583468bd7c21190f6
- fix ReDoS in CGI::Util#escapeElement
bsc#1237806 CVE-2025-27220
- fix denial of service in CGI::Cookie.parse
bsc#1237804 CVE-2025-27219
- update suse.patch to 6bf78da1fc4048a11a8612741216ebc47d9ebb41
- move the request smuggling patch to the correct place
actually fixes bsc#1230930 CVE-2024-47220 and now boo#1235773
- libsolv
-
- build both static and dynamic libraries on new suse distros
- support the apk package and repository format (both v2 and v3)
- new dataiterator_final_{repo,solvable} functions
- bump version to 0.7.32
- Provide a symbol specific for the ruby-version
so yast does not break across updates (boo#1235598)
- sqlite3
-
- Sync version 3.49.1 from Factory (jsc#SLE-16032):
* CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws()
function, introduced in version 3.44.0, that could lead to a
memory error if the separator string is very large (hundreds
of megabytes).
* CVE-2025-29088, bsc#1241078: Enhanced the
SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust
against misuse.
* Obsoletes sqlite3-rtree-i686.patch
- libxml2
-
- security update
- added patches
CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+ libxml2-CVE-2025-32414.patch
CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+ libxml2-CVE-2025-32415.patch
- libzypp
-
- fixed build with boost 1.88.
- XmlReader: Fix detection of bad input streams (fixes #635)
libxml2 2.14 potentially reads the complete stream, so it may
have the 'eof' bit set. Which is not 'good' but also not 'bad'.
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
service may set.
Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck,
keeppackages, gpgkey, mirrorlist, and metalink with the same
semantic as in a .repo file.
- version 17.36.7 (35)
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- BuildRequires: %{libsolv_devel_package} >= 0.7.32.
Code16 moved static libs to libsolv-devel-static.
- Drop usage of SHA1 hash algorithm because it will become
unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct
default (false).
The default was true in Code12 (libzypp-16.x) and changed to
false with Code15 (libzypp-17.x). Unfortunately this was done by
shipping a modified zypp.conf file rather than fixing the code.
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- version 17.36.6 (35)
- Fix computation of RepStatus if Repo URLs change.
- Fix lost double slash when appending to an absolute FTP url
(bsc#1238315)
Ftp actually differs between absolute and relative URL paths.
Absolute path names begin with a double slash encoded as '/%2F'.
This must be preserved when manipulating the path.
- version 17.36.5 (35)
- Add a transaction package preloader (fixes openSUSE/zypper#104)
This patch adds a preloader that concurrently downloads files
during a transaction commit. It's not yet enabled per default.
To enable the preview set ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1
in the environment.
- RpmPkgSigCheck_test: Exchange the test package signingkey
(fixes #622)
- Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS (fixes #626)
- Strip a mediahandler tag from baseUrl querystrings.
- version 17.36.4 (35)
- openssh
-
- Enable --with-logind to call the SetTTY dbus method in systemd.
This allows "wall" to print messages in ssh ttys (bsc#1239671)
- Small fixes to unref the dbus session when any error occurs:
* logind_set_tty.patch
- Added openssh-cve-2025-32728.patch (bsc#1241012, CVE-2025-32728).
This fixes an upstream logic error handling the DisableForwarding
option.
- pam
-
- pam_unix/passverify: (get_account_info) [!HELPER_COMPILE]: Always return
PAM_UNIX_RUN_HELPER instead of trying to obtain the shadow password file
entry.
[passverify-always-run-the-helper-to-obtain-shadow_pwd.patch, bsc#1232234,
CVE-2024-10041]
- Do not reject the user with a hash assuming it's non-empty.
[pam_unix-allow-empty-passwords-with-non-empty-hashes.patch]
- patterns-base
-
- add bpftool to patterns enhanced base. jsc#PED-8375
- python-cryptography
-
- Update vendor tarball to fix CVE-2025-3416 (bsc#1242631)
- python-setuptools
-
- Add patch CVE-2025-47273.patch to fix a path traversal
vulnerability.
(bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)
- samba
-
- Fix Samba printers reporting invalid sid during print jobs;
(bsc#1234210); (bso#15792).
- supportutils
-
- Changes to version 3.2.10
+ network.txt collect all firewalld zones (pr#233)
+ Collects gfs2 info (PED-11853, pr#235, pr#236)
+ Ignore tasks/threads to prevent collecting duplicate fd data in open_files (bsc#1230371, pr#237)
+ Added openldap2_5 support for SLES (pr#238)
+ Collects additional hawk details (pr#239)
+ Optimized filtering D/Z processes (pr#241)
+ Collect firewalld permanent configuration (pr#243)
+ ldap_info: support for multiple DBs and sanitize olcRootPW (bsc#1231838, pr#247)
+ Added dbus_info for dbus.txt (bsc#1222650, pr#248)
- Changes to version 3.2.9
+ Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221)
+ Supportconfig available in current distro (PED-7131)
+ Corrected display issues (bsc#1231396)
+ NFS takes too long, showmount times out (bsc#1231423)
+ Merged sle15 and master branches (bsc#1233726, PED-11669)
- timezone
-
- Update to 2025b:
* New zone for Aysén Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches
* revert-philippines-historical-data.patch
* tzdata-china.diff
- xen
-
- Update to Xen 4.18.5 security bug fix release (bsc#1027519)
xen-4.18.5-testing-src.tar.bz2
- Dropped patches contained in new tarball
658190ea-x86-non-BIGMEM-on-16Tb-systems.patch
66dedebf-x86-HVM-recursion-in-linear-rw.patch
67645902-libxg-increase-LZMA_BLOCK_SIZE.patch
6776dea1-x86-spec-ctrl-SRSO_U-S_NO-and-SRSO_MSR_FIX.patch
677bcb65-x86-traps-rework-LER-init-and.patch
677c1a7c-x86-AMD-misc-setup-for-Fam1A.patch
67921698-x86-HVM-MMIO-emul-cache-bounds-check.patch
67935a31-x86-HVM-dyn-alloc-emul-cache-ents.patch
67935a4c-x86-HVM-rw-split-at-page.patch
67977673-x86-IOMMU-check-CMPXCHG16B-when-enabling.patch
67977677-AMD-IOMMU-atomically-update-IRTE.patch
679796ff-x86-PV-further-harden-guest-mem-access.patch
67a5cb5f-radix-tree-purge-node-alloc-hooks.patch
67a5cb94-radix-tree-introduce-RADIX_TREE_INIT.patch
67acb684-x86-offline-APs-with-IRQs-disabled.patch
67acb685-x86-SMP-disable-IRQs-ahead-of-AP-shutdown.patch
67acb686-x86-PCI-disable-MSI-at-shutdown.patch
67acb687-x86-IOMMU-disable-IRQs-at-shutdown.patch
67b4961e-console-dont-truncate-panic-messages.patch
67b49d86-memory-resource_max_frames-retval.patch
67b5d27c-SVM-separate-STI-from-VMRUN.patch
67c06178-x86-IOMMU-bus-to-bridge-lock-acquired-IRQ-safe.patch
67c818d6-x86-PVH-dom0-correct-iomem_caps-bound.patch
67c818d8-x86-Dom0-relax-Interrupt-Address-Range.patch
67c86fc1-xl-fix-channel-configuration-setting.patch
67cb03e0-x86-vlapic-ESR-write-handling.patch
67d17edd-x86-expose-MSR_FAM10H_MMIO_CONF_BASE-on-AMD.patch
67d17ede-VT-x-PI-usage-of-msi_desc-msg-field.patch
67d2a3fe-libxl-avoid-infinite-loop-in-libxl__remove_directory.patch
67dada68-x86-mm-IS_ALIGNED-in-IS_LnE_ALIGNED.patch
67ea4268-x86-P2M-sync-fast-slow-p2m_get_page_from_gfn.patch
6800b54f-x86-HVM-update-repeat-count-upon.patch
68076044-x86emul-clip-rep-count-for-STOS.patch
6808f549-x86-Intel-work-around-MONITOR-MWAIT-errata.patch
68221f20-x86-alternative-when-feature-not-present.patch
68221f21-x86-guest-remove-Xen-hypercall_page.patch
68221f22-x86-misalign-__x86_indirect_thunk.patch
68221f23-x86-misalign-RETs-in-clear_bhb_loops.patch
68221f24-x86-stubs-introduce-place_ret.patch
68221f25-x86-build-with-Return-Thunks.patch
68221f26-x86-spec-ctrl-synthesise-ITS_NO.patch
- Failed to boot with XEN kernel on DL580 Gen12 (bsc#1242490)
658190ea-x86-non-BIGMEM-on-16Tb-systems.patch
- bsc#1243117 - VUL-0: CVE-2024-28956: xen: Intel CPU: Indirect
Target Selection (ITS) (XSA-469)
68221f20-x86-alternative-when-feature-not-present.patch
68221f21-x86-guest-remove-Xen-hypercall_page.patch
68221f22-x86-misalign-__x86_indirect_thunk.patch
68221f23-x86-misalign-RETs-in-clear_bhb_loops.patch
68221f24-x86-stubs-introduce-place_ret.patch
68221f25-x86-build-with-Return-Thunks.patch
68221f26-x86-spec-ctrl-synthesise-ITS_NO.patch
- Upstream bug fixes (bsc#1027519)
67c818d6-x86-PVH-dom0-correct-iomem_caps-bound.patch
67c818d8-x86-Dom0-relax-Interrupt-Address-Range.patch
67dada68-x86-mm-IS_ALIGNED-in-IS_LnE_ALIGNED.patch
67ea4268-x86-P2M-sync-fast-slow-p2m_get_page_from_gfn.patch
67f8ecda-rangeset-incorrect-subtraction.patch
6800b54f-x86-HVM-update-repeat-count-upon.patch
68076044-x86emul-clip-rep-count-for-STOS.patch
6808f549-x86-Intel-work-around-MONITOR-MWAIT-errata.patch
- zypper
-
- Updated translations (bsc#1230267)
- version 1.14.89
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
URLs passed on the commandline must have their special chars
encoded already. We just want to check and encode forgotten
unsafe chars like a blank. A '%' however must not be encoded
again.
- version 1.14.88
- Package preloader that concurrently downloads files. It's not yet
enabled per default. To enable the preview set ZYPP_CURL2=1 and
ZYPP_PCK_PRELOAD=1 in the environment. (#104)
- BuildRequires: libzypp-devel >= 17.36.4.
- version 1.14.87
- refresh: add --include-all-archs (fixes #598)
Future multi-arch repos may allow to download only those metadata
which refer to packages actually compatible with the systems
architecture. Some tools however want zypp to provide the full
metadata of a repository without filtering incompatible
architectures.
- info,search: add option to search and list Enhances
(bsc#1237949)
- version 1.14.86